PC infecté par Trojan-Downloader.Win32.Tiny.i

Greg185 -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
PC infecté par Trojan-Downloader.Win32.Tiny.id

Bonjour , voila je n'arrive pas a me débarasser de ce virus qui revient tout le temp , donc je me tourne vers vous , de plus j'ai sans cesse des pub d'antivirus qui s'affiche et çe que quand j'utuise les pages internet ... j'ai kaspersky internet sécurity 2007 mais rien n'y fait ... le pc est devenu tres lent au demarage que sur le net .... que dois-je faire pour faire rentrer ça dans l'ordre ? merçi beaucoup .



Coordialement Greg .
A voir également:

53 réponses

Réponse 1 / 53
tribun Messages postés 73052 Date d'inscription   Statut Membre Dernière intervention   12 551
 
bonjour

fait une analyse avec SPYBOT, gratuit ici sur le site
et supprime,

ainsi que CCleaner , et nettoye ton pc

fait un scan en ligne

http://pandasoftware.fr
0
Réponse 2 / 53
franckccm Messages postés 9114 Date d'inscription   Statut Contributeur Dernière intervention   334
 
Bonjour,

La procédure complète pour se débarrasser de Trojan-Downloader.Win32.Tiny.id.

Bien suivre les procédure pas à pas, bon courage, @+
0
Réponse 3 / 53
Greg185
 
voiçi le rapport de HijackThis apres le scan complet de Bitdefender , que dois-je cocher ? et ensuite que dois-je faire ? merçi d'avance

j'ai suivi le tuto jusqu'a apres bitdefender maintenant je suis bloquer .





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:21:44, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\oli2\Local Settings\Temp\Rar$EX00.921\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\kbgkcgaf.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\AlgLayer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?38cd651561ed4b479eb49c0d111fd699
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?38cd651561ed4b479eb49c0d111fd699
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tuxtytac.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 4 / 53
Greg185
 
tjr personne ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 53
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.

Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le rapport (c:\vundofix.txt) dans ta réponse

Mets aussi un nouveau log Hijackthis.

@+
0
Réponse 6 / 53
Greg185
 
bsr , voiçi le rapport de VundoFix ,


VundoFix V6.5.8

Checking Java version...

Scan started at 2:27:59 14/09/2007

Listing files found while scanning....

C:\windows\system32\admwboce.ini
C:\windows\system32\coedtkmq.dll
C:\windows\system32\ecobwmda.dll
C:\windows\system32\fagckgbk.ini
C:\windows\system32\gaxjrxaj.ini
C:\windows\system32\jaxrjxag.dll
C:\windows\system32\kbgkcgaf.dll
C:\WINDOWS\system32\mwwadftk.dll
C:\windows\system32\ouknyhhp.ini
C:\windows\system32\phhynkuo.dll
C:\windows\system32\qmktdeoc.ini
C:\windows\system32\qoyyffis.ini
C:\WINDOWS\system32\siffyyoq.dll
C:\windows\system32\wkqhfjjy.exe
C:\windows\system32\xwuggwsf.exe

Beginning removal...

Attempting to delete C:\windows\system32\admwboce.ini
C:\windows\system32\admwboce.ini Has been deleted!

Attempting to delete C:\windows\system32\coedtkmq.dll
C:\windows\system32\coedtkmq.dll Has been deleted!

Attempting to delete C:\windows\system32\ecobwmda.dll
C:\windows\system32\ecobwmda.dll Has been deleted!

Attempting to delete C:\windows\system32\fagckgbk.ini
C:\windows\system32\fagckgbk.ini Has been deleted!

Attempting to delete C:\windows\system32\gaxjrxaj.ini
C:\windows\system32\gaxjrxaj.ini Has been deleted!

Attempting to delete C:\windows\system32\jaxrjxag.dll
C:\windows\system32\jaxrjxag.dll Could not be deleted.

Attempting to delete C:\windows\system32\kbgkcgaf.dll
C:\windows\system32\kbgkcgaf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mwwadftk.dll
C:\WINDOWS\system32\mwwadftk.dll Has been deleted!

Attempting to delete C:\windows\system32\ouknyhhp.ini
C:\windows\system32\ouknyhhp.ini Has been deleted!

Attempting to delete C:\windows\system32\phhynkuo.dll
C:\windows\system32\phhynkuo.dll Has been deleted!

Attempting to delete C:\windows\system32\qmktdeoc.ini
C:\windows\system32\qmktdeoc.ini Has been deleted!

Attempting to delete C:\windows\system32\qoyyffis.ini
C:\windows\system32\qoyyffis.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\siffyyoq.dll
C:\WINDOWS\system32\siffyyoq.dll Has been deleted!

Attempting to delete C:\windows\system32\wkqhfjjy.exe
C:\windows\system32\wkqhfjjy.exe Has been deleted!

Attempting to delete C:\windows\system32\xwuggwsf.exe
C:\windows\system32\xwuggwsf.exe Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\jaxrjxag.dll
C:\windows\system32\jaxrjxag.dll Has been deleted!

Performing Repairs to the registry.
Done!

et voiçi le log de HijackThis ,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:50, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\oli2\Local Settings\Temp\Rar$EX00.329\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\torbwxca.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\AlgLayer.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?38cd651561ed4b479eb49c0d111fd699
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?38cd651561ed4b479eb49c0d111fd699
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tuxtytac.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 7 / 53
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

1) Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\torbwxca.dll
Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

2) Recommence avec :

C:\WINDOWS\system32\AlgLayer.exe

3) Ouvre ce lien : http://secubox.gateweb.org/mad.php

clique sur parcourir

Cherche : C:\WINDOWS\system32\AlgLayer.exe

Dans la fenêtre commentaire tu écris :
Bonjour,
à la demande de Lyonnais92.
Merci.

Tu cliques sur envoyer.

4) Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : tuxtytac.exe
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques dur cette recherche peut prendre plusieurs minutes. Sois patient(e)

5) Arrête ce service

DomainService

pour ça fais cette manip :

Démarrer -> executer tape services.msc clic droit sur le service cité - > propriétés et dans "type de démarrage" et mets le sur « arrêté » et « désactivé ».

6) Ton installation d'Hijackthis est incorrecte : les backup risquent d'être éffacés.

Désinstalles la version actuelle par : panneau de configuration, ajout/suppression de programmes, Hijackthis.

Ensuite, clique sur ce lien
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
pour télécharger le fichier d'installation d'HijackThis.

Enregistre HJTInstall.exe sur ton bureau.

Double-clique sur HJTInstall.exe pour lancer le programme

Par défaut, il s'installera là :
C:\Program Files\Trend Micro\HijackThis

Accepte la license en cliquant sur le bouton "I Accept"


Tutoriaux : http://pageperso.aol.fr/balltrap34/demohijack.htm (ne fixe rien pour le moment !!)
http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\torbwxca.dll",forkonce
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\AlgLayer.exe

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

Clique sur fix checked.

Ferme Hijackthis.

7) Remets un log Hijackthis;

Bon courage. Fais les manips une par une, ça va aller tout seul.

@+


0
Réponse 8 / 53
Greg185
 
bonjour je n'ai pas su arretter AOD r raison que je n'ai pas trouver " le service cité " , je n'ai pas su désinstaller l'ancien HijackThis pour raison que mes programmes ne s'ouvres plus normlement depuis ces infection dans mon pc , c'est à dire que je dois faire click droit sur le pgramme et faire " xecuter en tant que alors la un fichier .exe s'ouvre sous " l'aperçu des images et des téléscopies windows " alors une autre fenetre s'ouvre je décoche une case et la seulement le programme s'ouvre , seulement voila , les fichiers rundll32.exe , eux s'ouvre pas tout court , donc je l'ai supprimer manullement , a la corbeille koi . ( merçi encore de ton aide )

Voiçi le rapport de torbwxca ,

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 TR/Vundo.DMP.27
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.13 Win32:Vundo-gen46
AVG 7.5.0.485 2007.09.14 Lop.CV
BitDefender 7.2 2007.09.14 Trojan.Vundo.DMP
CAT-QuickHeal 9.00 2007.09.13 -
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.14 Trojan.Virtumod
eSafe 7.0.15.0 2007.09.13 Suspicious Trojan/Worm
eTrust-Vet 31.1.5135 2007.09.14 Win32/Vundo!generic
Ewido 4.0 2007.09.13 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 -
F-Prot 4.3.2.48 2007.09.13 W32/VmondeP.AK
F-Secure 6.70.13030.0 2007.09.14 W32/Vundo.dam
Ikarus T3.1.1.12 2007.09.14 Trojan.Virtumod
Kaspersky 4.0.2.24 2007.09.14 -
McAfee 5119 2007.09.13 -
Microsoft 1.2803 2007.09.14 Trojan:Win32/Virtumonde.O
NOD32v2 2529 2007.09.13 a variant of Win32/Adware.Virtumonde
Norman 5.80.02 2007.09.13 W32/Vundo.dam
Panda 9.0.0.4 2007.09.13 Suspicious file
Prevx1 V2 2007.09.14 Trojan.Vundo
Rising 19.40.42.00 2007.09.14 -
Sophos 4.21.0 2007.09.14 Virtumundo
Sunbelt 2.2.907.0 2007.09.13 VIPRE.Suspicious
Symantec 10 2007.09.14 -
TheHacker 6.2.5.059 2007.09.14 -
VBA32 3.12.2.4 2007.09.13 -
VirusBuster 4.3.26:9 2007.09.13 Adware.Vundo.P.Gen
Webwasher-Gateway 6.0.1 2007.09.14 Trojan.Vundo.DMP.27
Information additionnelle
File size: 125504 bytes
MD5: 3aca480f19f8b60c017b0af23bcd5f25
SHA1: ac116badad0c3d13213fec6d1f7ff26cad406cfa
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=D7E0D98C40E38C7AEAD1019BBD590800D9DAC01D
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.


Voiçi le second rapport de tuxtytac ,

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 TR/Vundo.DMP.27
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.13 Win32:Vundo-gen46
AVG 7.5.0.485 2007.09.14 Lop.CV
BitDefender 7.2 2007.09.14 Trojan.Vundo.DMP
CAT-QuickHeal 9.00 2007.09.13 -
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.14 Trojan.Virtumod
eSafe 7.0.15.0 2007.09.13 Suspicious Trojan/Worm
eTrust-Vet 31.1.5135 2007.09.14 Win32/Vundo!generic
Ewido 4.0 2007.09.13 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 -
F-Prot 4.3.2.48 2007.09.13 W32/VmondeP.AK
F-Secure 6.70.13030.0 2007.09.14 W32/Vundo.dam
Ikarus T3.1.1.12 2007.09.14 Trojan.Virtumod
Kaspersky 4.0.2.24 2007.09.14 -
McAfee 5119 2007.09.13 -
Microsoft 1.2803 2007.09.14 Trojan:Win32/Virtumonde.O
NOD32v2 2529 2007.09.13 a variant of Win32/Adware.Virtumonde
Norman 5.80.02 2007.09.13 W32/Vundo.dam
Panda 9.0.0.4 2007.09.13 Suspicious file
Prevx1 V2 2007.09.14 Trojan.Vundo
Rising 19.40.42.00 2007.09.14 -
Sophos 4.21.0 2007.09.14 Virtumundo
Sunbelt 2.2.907.0 2007.09.13 VIPRE.Suspicious
Symantec 10 2007.09.14 -
TheHacker 6.2.5.059 2007.09.14 -
VBA32 3.12.2.4 2007.09.13 -
VirusBuster 4.3.26:9 2007.09.13 Adware.Vundo.P.Gen
Webwasher-Gateway 6.0.1 2007.09.14 Trojan.Vundo.DMP.27
Information additionnelle
File size: 125504 bytes
MD5: 3aca480f19f8b60c017b0af23bcd5f25
SHA1: ac116badad0c3d13213fec6d1f7ff26cad406cfa
Prevx info: http://fileinfo.prevx.com/fileinfo.asp?PX5=D7E0D98C40E38C7AEAD1019BBD590800D9DAC01D
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Et voiçi pour finir le log de HijackThis ,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:20, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?38cd651561ed4b479eb49c0d111fd699
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?38cd651561ed4b479eb49c0d111fd699
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tuxtytac.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 9 / 53
Greg185 Messages postés 3 Statut Membre
 
Dsl du bs post mais j'ai oublier d'y glisser le rapport de alg.exe ,

le voiçi ,

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 -
Authentium 4.93.8 2007.09.14 -
Avast 4.7.1043.0 2007.09.13 -
AVG 7.5.0.485 2007.09.14 -
BitDefender 7.2 2007.09.14 -
CAT-QuickHeal 9.00 2007.09.13 -
ClamAV 0.91.2 2007.09.14 -
DrWeb 4.33 2007.09.14 -
eSafe 7.0.15.0 2007.09.13 -
eTrust-Vet 31.1.5135 2007.09.14 -
Ewido 4.0 2007.09.13 -
FileAdvisor 1 2007.09.14 -
Fortinet 3.11.0.0 2007.09.14 -
F-Prot 4.3.2.48 2007.09.13 -
F-Secure 6.70.13030.0 2007.09.14 -
Ikarus T3.1.1.12 2007.09.14 -
Kaspersky 4.0.2.24 2007.09.14 -
McAfee 5119 2007.09.13 -
Microsoft 1.2803 2007.09.14 -
NOD32v2 2529 2007.09.13 -
Norman 5.80.02 2007.09.13 -
Panda 9.0.0.4 2007.09.13 -
Prevx1 V2 2007.09.14 -
Rising 19.40.42.00 2007.09.14 -
Sophos 4.21.0 2007.09.14 -
Sunbelt 2.2.907.0 2007.09.13 -
Symantec 10 2007.09.14 -
TheHacker 6.2.5.059 2007.09.14 -
VBA32 3.12.2.4 2007.09.13 -
VirusBuster 4.3.26:9 2007.09.13 -
Webwasher-Gateway 6.0.1 2007.09.14 -
Information additionnelle
File size: 44544 bytes
MD5: b43cc0f07752d456038cd0268e4d84e9
SHA1: 6d02f5def2e1b74539e4825a4661363e19530266
0
Réponse 10 / 53
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

seulement voila , les fichiers rundll32.exe , eux s'ouvre pas tout court

Tu as mis le fichier rundll32.exe à la corbeille ?

Si oui, ouvre la corbeille et restaure ce fichier en urgence.

tu as mis un rapport alg.exe. J'avais demandé un rapport sur C:\WINDOWS\system32\AlgLayer.exe . raccourci de frapppe ?


Double-clique VundoFix.exe afin de le lancer
NE clique PAS sur le bouton Scan for Vundo
Clique Droit dans la fenêtre blanche, choisis Add more files ?
Rajoute dans la première ligne :
C:\WINDOWS\system32\torbwxca.dll
Dans la deuxième ligne :
C:\WINDOWS\system32\tuxtytac.exe


Clique successivement sur :
- Add Files
- Close Windows
- Remove Vundo


Si l'outil te demande de redémarrer, accepte.
Copie/Colle ensuite le rapport C:\vundofix.txt

Remets un log Hijackthis
@+
0
Réponse 11 / 53
Greg185 Messages postés 3 Statut Membre
 
non lol pas le fichier a la corbeille lol , l'ancien HijackThis , et je n'ai pas trouver dans system32 AlgLayer.exe , j'ai juste trouver alg.exe , je fais ce que tu demande , a bientot et merçi
0
Réponse 12 / 53
Greg185 Messages postés 3 Statut Membre
 
voiçi ce qu'il dit dans le rapport de VundoFix,

Beginning removal...

Performing Repairs to the registry.
Done!

et voiçi le log HijackThis ,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:32, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?38cd651561ed4b479eb49c0d111fd699
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?38cd651561ed4b479eb49c0d111fd699
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tuxtytac.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 13 / 53
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

je déteste ces fichiers qui disparaissent sans qu'on ait "rien fait".

Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.

Précise les ennuis qui restent. Merci.

@+
0
Réponse 14 / 53
Greg185
 
ennuis restant ,

- UC à 100%
- Processeur inactif 00 au lieu de 99
-AOD tjr par arreter (toujour pas trouver )
-Virus , Trojan , Cheval de Troie qui reviennent , avec kaspersky je dois les mettre manuellement en quarantaine ,je le fais , et le trojan downloader revient sur un autre nom.exe , a chaque redémarage ils sont la à me pomper le pc ..

en attendant voiçi le rapport Virtumundo ,

[09/14/2007, 21:17:21] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\oli2\Bureau\VirtumundoBeGone.exe" )
[09/14/2007, 21:17:27] - Detected System Information:
[09/14/2007, 21:17:27] - Windows Version: 5.1.2600, Service Pack 2
[09/14/2007, 21:17:27] - Current Username: oli2 (Admin)
[09/14/2007, 21:17:28] - Windows is in NORMAL mode.
[09/14/2007, 21:17:28] - Searching for Browser Helper Objects:
[09/14/2007, 21:17:28] - BHO 1: {49E0E0F0-5C30-11D4-945D-000000000003} (IE PopUp-Killer ; Neikeisoft)
[09/14/2007, 21:17:28] - BHO 2: {4AA49418-D47E-47EB-AAD9-3FA5155F3025} ()
[09/14/2007, 21:17:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 21:17:28] - Checking for HKLM\...\Winlogon\Notify\pmnkklm
[09/14/2007, 21:17:28] - Key not found: HKLM\...\Winlogon\Notify\pmnkklm, continuing.
[09/14/2007, 21:17:28] - BHO 3: {4AB0E26E-C444-436F-910F-A7B132479B97} ()
[09/14/2007, 21:17:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 21:17:28] - Checking for HKLM\...\Winlogon\Notify\awtss
[09/14/2007, 21:17:28] - Key not found: HKLM\...\Winlogon\Notify\awtss, continuing.
[09/14/2007, 21:17:28] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[09/14/2007, 21:17:28] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[09/14/2007, 21:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 21:17:29] - No filename found. Continuing.
[09/14/2007, 21:17:29] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[09/14/2007, 21:17:29] - BHO 7: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[09/14/2007, 21:17:29] - BHO 8: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[09/14/2007, 21:17:29] - WARNING: BHO has no default name. Checking for Winlogon reference.
[09/14/2007, 21:17:29] - Checking for HKLM\...\Winlogon\Notify\qhnxtqml
[09/14/2007, 21:17:29] - Key not found: HKLM\...\Winlogon\Notify\qhnxtqml, continuing.
[09/14/2007, 21:17:29] - Finished Searching Browser Helper Objects
[09/14/2007, 21:17:29] - Finishing up...
[09/14/2007, 21:17:29] - Nothing found! Exiting...


voiçi ensuite le log de HijackThis ,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:44, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\oli2\Local Settings\Temp\Rar$EX03.422\Proxy_Checker.exe
C:\Documents and Settings\oli2\Local Settings\Temp\Rar$EX04.672\Kriptonite v2.0b.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\wubdgweu.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?38cd651561ed4b479eb49c0d111fd699
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?38cd651561ed4b479eb49c0d111fd699
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tuxtytac.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 15 / 53
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonsoir,

renomme hijackthis.exe en scanner.exe

exécute le à nouveau et poste le nouveau rapport.

@+
0
Réponse 16 / 53
Greg185
 
Bonsoir voiçi le log de HijackThis renommer en scanne.exe , merçi encore



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:35, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\oli2\Local Settings\Temp\Rar$EX04.672\Kriptonite v2.0b.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CarbonPoker\client.cor
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\wubdgweu.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?38cd651561ed4b479eb49c0d111fd699
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?38cd651561ed4b479eb49c0d111fd699
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\tuxtytac.exe (file missing)
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
0
Réponse 17 / 53
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
Dézippe tout son contenu sur ton bureau (clic droit puis Extraire ici).
Ouvre le dossier SReng2 et double-clique sur SREng.exe.
Clique sur "smart scan".
Clique sur le bouton "scan".
Quand l'analyse est terminée, clique sur le bouton "save reports".
Sauvegarde alors le rapport sur ton bureau.
Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

@+
0
Réponse 18 / 53
Greg185
 
Bonjour , voiçi le rapport de sreng ,

[CODE]

2007-09-15,14:17:12

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<Shareaza><"C:\Program Files\Shareaza\Shareaza.exe" -tray> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SigmatelSysTrayApp><stsystra.exe> [SigmaTel, Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray> [Nokia]
<avgnt><"C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min> [N/A]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
<MP10_EnsureFileVer><C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions> [(Verified)Microsoft Windows Component Publisher]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"> [(Verified)Kaspersky Lab]
<SystemOptimizer><rundll32.exe "C:\WINDOWS\system32\rwpfbqsf.dll",forkonce> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<GinaDLL><C:\WINDOWS\system32\BCMLogon.dll> [Broadcom Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
<{4AA49418-D47E-47EB-AAD9-3FA5155F3025}><C:\WINDOWS\system32\pmnkklm.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{423702KJY0-YKN5OK-D1KOW-F49T8-TVUI81RWM117}]
<N/A><netconfig.exe> [TCU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
<N/A><C:\WINDOWS\system32\AlgLayer.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Ashampoo PopUpBlocker><; C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Broadcom Wireless Manager UI><; C:\WINDOWS\System32\WLTRAY.exe> [Dell Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CTFMON.EXE><; C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<Google Desktop Search><; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<igfxhkcmd><; C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxpers><; C:\WINDOWS\System32\igfxpers.exe> [(Verified)Microsoft Windows Publisher]
<igfxtray><; C:\WINDOWS\System32\igfxtray.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RemoteControl><; "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"> [Cyberlink Corp.]

==================================
Startup Folders
N/A

==================================
Services
[AntiVir PersonalEdition Classic Scheduler / AntiVirScheduler][Stopped/Auto Start]
<"C:\Program Files\AntiVir PersonalEdition Classic\sched.exe"><N/A>
[AntiVir PersonalEdition Classic Guard / AntiVirService][Stopped/Auto Start]
<"C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe"><N/A>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Kaspersky Internet Security 7.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><Kaspersky Lab>
[DomainService / DomainService][Stopped/Auto Start]
<C:\WINDOWS\system32\tuxtytac.exe /service><N/A>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe"><Macromedia>
[Dell Wireless WLAN Tray Service / wltrysvc][Running/Auto Start]
<C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe><N/A>

==================================
Drivers
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[avgio / avgio][Stopped/System Start]
<\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys><N/A>
[avgntflt / avgntflt][Stopped/Manual Start]
<\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys><N/A>
[avipbb / avipbb][Running/System Start]
<system32\DRIVERS\avipbb.sys><AVIRA GmbH>
[Pilote de la carte réseau local sans fil Wireless de Dell / BCM43XX][Running/Manual Start]
<System32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\oli2\LOCALS~1\Temp\catchme.sys><N/A>
[driverhardwarev2 / driverhardwarev2][Stopped/Manual Start]
<\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys><Ma-Config.com>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<System32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
<System32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<System32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<System32\DRIVERS\mdmxsdk.sys><Conexant>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
<System32\DRIVERS\secdrv.sys><N/A>
[ssmdrv / ssmdrv][Running/System Start]
<system32\DRIVERS\ssmdrv.sys><Avira GmbH>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
<system32\drivers\sthda.sys><SigmaTel, Inc.>
[winachsf / winachsf][Running/Manual Start]
<System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[IE PopUp-Killer ; Neikeisoft]
{49E0E0F0-5C30-11D4-945D-000000000003} <C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll, N/A>
[]
{4AA49418-D47E-47EB-AAD9-3FA5155F3025} <C:\WINDOWS\system32\pmnkklm.dll, N/A>
[]
{54EAB52B-481E-4F65-B2FC-70BA17314204} <C:\WINDOWS\system32\awtss.dll, N/A>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[]
{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} <C:\WINDOWS\system32\qhnxtqml.dll, N/A>
[Java Plug-in 1.6.0_01]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Statistiques d’Anti-Virus Internet]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
[Titan Poker]
{49783ED4-258D-4f9f-BE11-137C18D3E543} <C:\Poker\Titan Poker\casino.exe, >
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CarbonPoker]
{6FDD5236-C9F0-49ef-935D-385F5E21991A} <C:\Program Files\CarbonPoker\Poker.exe, CarbonPoker.com>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[SysProWmi Class]
{01A88BB1-1174-41EC-ACCB-963509EAE56B} <C:\WINDOWS\System32\Dell\SystemProfiler\SysPro.ocx, Dell Computer Corp.>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[DivXBrowserPlugin Object]
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[Java Plug-in 1.6.0_01]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[InformationCardSigninHelper Class]
{19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[IE PopUp-Killer ; Neikeisoft]
{49E0E0F0-5C30-11D4-945D-000000000003} <C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll, N/A>
[]
{4AA49418-D47E-47EB-AAD9-3FA5155F3025} <C:\WINDOWS\system32\pmnkklm.dll, N/A>
[]
{54EAB52B-481E-4F65-B2FC-70BA17314204} <C:\WINDOWS\system32\awtss.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\DOWNLO~1\oscan8.ocx, SOFTWIN>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[DivXBrowserPlugin Object]
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, DivX,Inc.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[HardwareDetection Control]
{867E13F2-7F31-44FB-AC97-CD38E0DC46EF} <C:\PROGRA~1\MA-CON~1.COM\HARDWA~1.OCX, Ma-Config.com>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
{CF46BFB3-2ACC-441B-B82B-36B9562C7FF1} <C:\WINDOWS\system32\qhnxtqml.dll, N/A>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[]
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
<https://onedrive.live.com/?id=favorites N/A>
[Ajouter à Kaspersky Anti-Bannière]
<C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm, N/A>
[Ouvrir dans un nouvel onglet d'arrière-plan]
<res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/229?38cd651561ed4b479eb49c0d111fd699, N/A>
[Ouvrir dans un nouvel onglet de premier plan]
<res://C:\Program Files\Windows Live Toolbar\Components\fr-be\msntabres.dll.mui/230?38cd651561ed4b479eb49c0d111fd699, N/A>

==================================
Running Processes
[PID: 804 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 908 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\BCMLogon.dll] [Broadcom Corporation, 4.10.47.3]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\awtss.dll] [N/A, ]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[PID: 1208 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1308 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1352 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 1492 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[PID: 1520 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[PID: 1712 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 216 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 236 / SYSTEM][C:\WINDOWS\System32\WLTRYSVC.EXE] [N/A, ]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 320 / SYSTEM][C:\WINDOWS\System32\bcmwltry.exe] [Dell Inc., 4.10.47.3]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\System32\bcm1xsup.dll] [N/A, ]
[C:\WINDOWS\System32\bcmwlpkt.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\atl71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\wltrynt.dll] [Broadcom Corporation, 4.10.47.3]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 796 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[PID: 1752 / oli2][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2336 / oli2][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2560 / oli2][C:\Program Files\internet explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll] [N/A, ]
[C:\WINDOWS\system32\awtss.dll] [N/A, ]
[C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.10.6]
[C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\WINDOWS\system32\qhnxtqml.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\klscav.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\prloader.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 2628 / oli2][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 2688 / oli2][C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 3436 / oli2][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\WINDOWS\system32\awtss.dll] [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.0.123]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 60, 15, 3]
[C:\WINDOWS\system32\ConnAPI.DLL] [Nokia., 6, 60, 27, 2]
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 60, 45, 4]
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr] [Nokia, 6, 60, 5, 0]
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 60, 1, 1]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]
[C:\WINDOWS\System32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll] [Kaspersky Lab, 7.0.0.123]
[PID: 4004 / oli2][C:\Documents and Settings\oli2\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16512 (vista_gdr.070625-1522)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Documents and Settings\oli2\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.0.123]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll] [N/A, ]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
Google Desktop over [MSAFD Tcpip [TCP/IP]]
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll(, N/A)
Google Desktop over [MSAFD Tcpip [UDP/IP]]
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll(, N/A)
Google Desktop
C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll(, N/A)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 320, C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE]

==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
Hidden Process
N/A

==================================


[/CODE]
0
Réponse 19 / 53
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur parcourir et cherche ce fichier : C:\WINDOWS\system32\drivers\klif.sys

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta réponse.

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau

Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : awtss.dll
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.

Note importante : Suivant la taille des disques dur cette recherche peut prendre plusieurs minutes. Sois patient(e)

@+

0
Réponse 20 / 53
Greg185
 
bonjour ,


voiçi le rapport de drivers/klif.sys ,

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.14.0 2007.09.14 -
AntiVir 7.6.0.10 2007.09.14 -
Authentium 4.93.8 2007.09.15 -
Avast 4.7.1043.0 2007.09.14 -
AVG 7.5.0.485 2007.09.14 -
BitDefender 7.2 2007.09.15 -
CAT-QuickHeal 9.00 2007.09.15 -
ClamAV 0.91.2 2007.09.15 -
DrWeb 4.33 2007.09.15 -
eSafe 7.0.15.0 2007.09.13 -
eTrust-Vet 31.1.5136 2007.09.14 -
Ewido 4.0 2007.09.15 -
FileAdvisor 1 2007.09.15 -
Fortinet 3.11.0.0 2007.09.15 -
F-Prot 4.3.2.48 2007.09.15 -
F-Secure 6.70.13030.0 2007.09.15 -
Ikarus T3.1.1.12 2007.09.15 -
Kaspersky 4.0.2.24 2007.09.15 -
McAfee 5120 2007.09.14 -
Microsoft 1.2803 2007.09.15 -
NOD32v2 2531 2007.09.15 -
Norman 5.80.02 2007.09.14 -
Panda 9.0.0.4 2007.09.15 -
Prevx1 V2 2007.09.15 -
Rising 19.40.52.00 2007.09.15 -
Sophos 4.21.0 2007.09.15 -
Sunbelt 2.2.907.0 2007.09.15 -
Symantec 10 2007.09.15 -
TheHacker 6.2.5.060 2007.09.14 -
VBA32 3.12.2.4 2007.09.15 -
VirusBuster 4.3.26:9 2007.09.14 -
Webwasher-Gateway 6.0.1 2007.09.14 -


et voiçi le rapport effectuer avec OAD (awtss.dll ) , ( il a l'air de pas avoir trouver je comprend pas bien tout a , peut etre ces parce que j'éteind le pc (portable) a cause de blocage , que le fichier disparait et sans doute reviens sous un autre nom ?)


sam. 15/09/2007 ---- 17:26:53,20

----------------------------------
§§§§§§ [awtss.dll ] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete


********************
[Registre]
********************


*******************
[Fichier]
*******************



*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------
0