Rapport mauvais ?

Résolu
Pancho -  
 g!rly -
Bonjour,
est ce que quelqu'un peut me dire ce que le rapport de mon scan raconte?
Configuration: Windows XP
Internet Explorer 6.0

166 réponses

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
Résumé de la discussion

Interpréter un rapport de scan et déterminer les actions de désinfection adaptées sur un système Windows XP est le sujet central des échanges, centrés sur HijackThis, The Avenger et les outils antivirus.
Plusieurs contributions proposent des instructions pratiques pour nettoyer l’ordinateur, incluant des étapes de scan, la suppression manuelle de composants suspects et des avertissements sur les scripts et les risques éventuels.
Des éléments récurrents évoquent l’importance des sauvegardes, des mises à jour Windows et les limites des outils gratuits, tout en présentant des rapports HijackThis variés et des résultats antivirus.
En dernier lieu, une nuance utile apparaît: les échanges mêlent des méthodes classiques et des solutions techniques comme l’exécution de scripts, sans aboutir à une conclusion unique.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Xg Messages postés 168 Statut Membre 42
     
    Tu pourras nous montre le rapport sinon on peu pas du tout t'aider !
    0
  2. Pancho
     
    desolé je suis un peu tete en l'air
    test.exe Logfile of HijackThis v1.99.1
    Scan saved at 22:33:49, on 05/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\printer.exe
    C:\Program Files\Online Add-on\icthis.exe
    C:\Program Files\Online Add-on\isfmntr.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Online Add-on\icmntr.exe
    C:\Program Files\VIDAL\Communs\VIDAL.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\FICHIE~1\VIRUSG~1\ugcw.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Online Add-on\isfmm.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\test.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
    O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
    O2 - BHO: IEHlprObj Class - {ABCDECF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\vtr.dll (file missing)
    O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Add-on\isfmdl.dll
    O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Add-on\ictmdl.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
    O4 - HKLM\..\Run: [ocxloader.exe] C:\WINDOWS\System32\ocxloader.exe
    O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\_svchost.exe
    O4 - HKLM\..\Run: [smgr] mgrs.exe
    O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
    O4 - HKLM\..\Run: [ugcw] "C:\PROGRA~1\FICHIE~1\VIRUSG~1\ugcw.exe" -start
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusGarde\rtasks.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - Startup: system.exe
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
    O20 - Winlogon Notify: tgttprbz - C:\WINDOWS\SYSTEM32\aadcaad.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Microsoft Internet Explorer - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
    0
  3. Pancho
     
    merci apres avoir evaluer mon rapport dont je ne comprend pas qu'est ce ke je fais ?
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. pancho
     
    bonsoir, desolé du temps de reponse mais je n'arrivai plus a allumer mon pc. je te remets le rapport de hijackthis car vundofix n'a rien trouvé... es ce que je continue a faire la 3eme etape ? merci de me repondre je te remet le rapport merci.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:29:56, on 14/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\printer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\VIDAL\Communs\VIDAL.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
    O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
    O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: system.exe
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
    O20 - Winlogon Notify: tgttprbz - C:\WINDOWS\SYSTEM32\aadcaad.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  6. pancho
     
    ok je te remercie. il y avait avast comme anti virus quand j'ai recuperé ce PC mais il n'etait plus valide mais je n'avait pas fait attention alors il y'ya eu une periode sans anti virus et pour le SP2 je ne sais pas ce que c'est .
    0
  7. pancho
     
    bon j'ai fait ce que tu ma di et le rapport de virtu c'est celui la

    [10/14/2007, 21:33:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\maison\Bureau\VirtumundoBeGone.exe" )
    [10/14/2007, 21:33:23] - Detected System Information:
    [10/14/2007, 21:33:23] - Windows Version: 5.1.2600, Service Pack 1
    [10/14/2007, 21:33:23] - Current Username: maison (Admin)
    [10/14/2007, 21:33:23] - Windows is in NORMAL mode.
    [10/14/2007, 21:33:23] - Searching for Browser Helper Objects:
    [10/14/2007, 21:33:23] - BHO 1: {91AD9DC2-523A-47E2-A598-6C277F16CC50} ()
    [10/14/2007, 21:33:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [10/14/2007, 21:33:23] - Checking for HKLM\...\Winlogon\Notify\aadcaad
    [10/14/2007, 21:33:23] - Key not found: HKLM\...\Winlogon\Notify\aadcaad, continuing.
    [10/14/2007, 21:33:24] - Finished Searching Browser Helper Objects
    [10/14/2007, 21:33:24] - Finishing up...
    [10/14/2007, 21:33:24] - Nothing found! Exiting...

    ensuite hijackthis donne cela

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:34:30, on 14/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\printer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\VIDAL\Communs\VIDAL.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
    O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
    O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: system.exe
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
    O4 - Global Startup: autorun.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
    O20 - Winlogon Notify: tgttprbz - C:\WINDOWS\SYSTEM32\aadcaad.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  8. pancho
     
    ok j'ai fait la 3eme etape avec le telechargement de smit... et le rapport je te le colle. merci

    SmitFraudFix v2.240

    Rapport fait à 21:39:52,92, 14/10/2007
    Executé à partir de C:\Documents and Settings\maison\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\printer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\VIDAL\Communs\VIDAL.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    192.168.200.3 download.microsoft.com
    192.168.200.3 downloads.microsoft.com
    192.168.200.3 go.microsoft.com
    192.168.200.3 microsoft.com
    192.168.200.3 msdn.microsoft.com
    192.168.200.3 office.microsoft.com
    192.168.200.3 support.microsoft.com
    192.168.200.3 windowsupdate.microsoft.com
    192.168.200.3 www.microsoft.com
    192.168.200.3 pandasoftware.com
    192.168.200.3 www.pandasoftware.com

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\printer.exe PRESENT !
    C:\WINDOWS\system32\WinAvXX.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maison

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maison\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    C:\DOCUME~1\maison\MENUDM~1\PROGRA~1\DMARRA~1\system.exe PRESENT !
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autorun.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\maison\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Online Add-on\ PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\System32\\sulimo.dat"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 0.0.0.0

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  9. pancho
     
    desolé mais je n'arrive pas a ouvrir le lien ça ne marche pas.
    0
  10. pancho
     
    re, a chaque fois que je clik sur un de tes liens mon anti virus avast me previen qu'un cheval de troie a infecté mon pc. tu pense que c'es en rapport avec la non ouverture des liens.
    0
  11. pancho
     
    bon je ne tiens plus devan l'ordi et demain le bboulot est tot 6h alors je revien sur le forum soi demain entre 6 et 7h du mat sinon le soir mais c'est pas sur sinon mardi soir. merci.
    0
  12. pancho
     
    Bonsoir,
    Desolé pour le temps mais je ne suis pas rentré depuis lundi matin. Merci de t'occuper de mon cas. Je vais faire ce que tu ma demandé au dernier post. je te mettrai le rapport.
    0
  13. pancho
     
    je te mets le rapport pour commencer.

    SmitFraudFix v2.240

    Rapport fait à 21:31:16,93, 16/10/2007
    Executé à partir de C:\Documents and Settings\maison\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    192.168.200.3 ad.doubleclick.net
    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 ar.atwola.com
    192.168.200.3 atdmt.com
    192.168.200.3 avp.ch
    192.168.200.3 avp.com
    192.168.200.3 avp.ru
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 ca.com
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 customer.symantec.com
    192.168.200.3 dispatch.mcafee.com
    192.168.200.3 download.mcafee.com
    192.168.200.3 downloads-us1.kaspersky-labs.com
    192.168.200.3 downloads-us2.kaspersky-labs.com
    192.168.200.3 downloads-us3.kaspersky-labs.com
    192.168.200.3 downloads1.kaspersky-labs.com
    192.168.200.3 downloads2.kaspersky-labs.com
    192.168.200.3 downloads3.kaspersky-labs.com
    192.168.200.3 downloads4.kaspersky-labs.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 f-secure.com
    192.168.200.3 fastclick.net
    192.168.200.3 ftp.avp.ch
    192.168.200.3 ftp.downloads1.kaspersky-labs.com
    192.168.200.3 ftp.downloads2.kaspersky-labs.com
    192.168.200.3 ftp.downloads3.kaspersky-labs.com
    192.168.200.3 ftp.f-secure.com
    192.168.200.3 ftp.kasperskylab.ru
    192.168.200.3 ftp.sophos.com
    192.168.200.3 ids.kaspersky-labs.com
    192.168.200.3 kaspersky-labs.com
    192.168.200.3 kaspersky.com
    192.168.200.3 liveupdate.symantec.com
    192.168.200.3 liveupdate.symantecliveupdate.com
    192.168.200.3 mast.mcafee.com
    192.168.200.3 mcafee.com
    192.168.200.3 media.fastclick.net
    192.168.200.3 my-etrust.com
    192.168.200.3 nai.com
    192.168.200.3 networkassociates.com
    192.168.200.3 norton.com
    192.168.200.3 phx.corporate-ir.net
    192.168.200.3 rads.mcafee.com
    192.168.200.3 secure.nai.com
    192.168.200.3 securityresponse.symantec.com
    192.168.200.3 service1.symantec.com
    192.168.200.3 sophos.com
    192.168.200.3 spd.atdmt.com
    192.168.200.3 symantec.com
    192.168.200.3 trendmicro.com
    192.168.200.3 update.symantec.com
    192.168.200.3 updates.symantec.com
    192.168.200.3 updates1.kaspersky-labs.com
    192.168.200.3 updates2.kaspersky-labs.com
    192.168.200.3 updates3.kaspersky-labs.com
    192.168.200.3 updates4.kaspersky-labs.com
    192.168.200.3 updates5.kaspersky-labs.com
    192.168.200.3 us.mcafee.com
    192.168.200.3 vil.nai.com
    192.168.200.3 viruslist.com
    192.168.200.3 viruslist.ru
    192.168.200.3 virusscan.jotti.org
    192.168.200.3 virustotal.com
    192.168.200.3 www.avp.ch
    192.168.200.3 www.avp.com
    192.168.200.3 www.avp.ru
    192.168.200.3 www.awaps.net
    192.168.200.3 www.ca.com
    192.168.200.3 www.f-secure.com
    192.168.200.3 www.fastclick.net
    192.168.200.3 www.grisoft.com
    192.168.200.3 www.kaspersky-labs.com
    192.168.200.3 www.kaspersky.com
    192.168.200.3 www.kaspersky.ru
    192.168.200.3 www.mcafee.com
    192.168.200.3 www.my-etrust.com
    192.168.200.3 www.nai.com
    192.168.200.3 www.networkassociates.com
    192.168.200.3 www.sophos.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.trendmicro.com
    192.168.200.3 www.viruslist.com
    192.168.200.3 www.viruslist.ru
    192.168.200.3 www.virustotal.com
    192.168.200.3 www3.ca.com

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\printer.exe supprimé
    C:\WINDOWS\system32\WinAvXX.exe supprimé
    C:\DOCUME~1\maison\MENUDM~1\PROGRA~1\DMARRA~1\system.exe supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autorun.exe supprimé
    C:\Program Files\Online Add-on\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  14. pancho
     
    le rapport hijackthis donne cela

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:43:34, on 16/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\VIDAL\Communs\VIDAL.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\maison\Local Settings\Temp\wzf4d7\HostsXpert\HostsXpert.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
    O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
    O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\VIDAL\Communs\VIDAL.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
    O20 - Winlogon Notify: tgttprbz - C:\WINDOWS\SYSTEM32\aadcaad.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  15. pancho
     
    smit en mode normal..
    SmitFraudFix v2.240

    Rapport fait à 22:34:57,34, 16/10/2007
    Executé à partir de C:\Documents and Settings\maison\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maison

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maison\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\maison\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\System32\\sulimo.dat"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 0.0.0.0

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  16. pancho
     
    smit en mode sans echec prog 2
    SmitFraudFix v2.240

    Rapport fait à 21:31:16,93, 16/10/2007
    Executé à partir de C:\Documents and Settings\maison\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    192.168.200.3 ad.doubleclick.net
    192.168.200.3 ad.fastclick.net
    192.168.200.3 ads.fastclick.net
    192.168.200.3 ar.atwola.com
    192.168.200.3 atdmt.com
    192.168.200.3 avp.ch
    192.168.200.3 avp.com
    192.168.200.3 avp.ru
    192.168.200.3 awaps.net
    192.168.200.3 banner.fastclick.net
    192.168.200.3 banners.fastclick.net
    192.168.200.3 ca.com
    192.168.200.3 click.atdmt.com
    192.168.200.3 clicks.atdmt.com
    192.168.200.3 customer.symantec.com
    192.168.200.3 dispatch.mcafee.com
    192.168.200.3 download.mcafee.com
    192.168.200.3 downloads-us1.kaspersky-labs.com
    192.168.200.3 downloads-us2.kaspersky-labs.com
    192.168.200.3 downloads-us3.kaspersky-labs.com
    192.168.200.3 downloads1.kaspersky-labs.com
    192.168.200.3 downloads2.kaspersky-labs.com
    192.168.200.3 downloads3.kaspersky-labs.com
    192.168.200.3 downloads4.kaspersky-labs.com
    192.168.200.3 engine.awaps.net
    192.168.200.3 f-secure.com
    192.168.200.3 fastclick.net
    192.168.200.3 ftp.avp.ch
    192.168.200.3 ftp.downloads1.kaspersky-labs.com
    192.168.200.3 ftp.downloads2.kaspersky-labs.com
    192.168.200.3 ftp.downloads3.kaspersky-labs.com
    192.168.200.3 ftp.f-secure.com
    192.168.200.3 ftp.kasperskylab.ru
    192.168.200.3 ftp.sophos.com
    192.168.200.3 ids.kaspersky-labs.com
    192.168.200.3 kaspersky-labs.com
    192.168.200.3 kaspersky.com
    192.168.200.3 liveupdate.symantec.com
    192.168.200.3 liveupdate.symantecliveupdate.com
    192.168.200.3 mast.mcafee.com
    192.168.200.3 mcafee.com
    192.168.200.3 media.fastclick.net
    192.168.200.3 my-etrust.com
    192.168.200.3 nai.com
    192.168.200.3 networkassociates.com
    192.168.200.3 norton.com
    192.168.200.3 phx.corporate-ir.net
    192.168.200.3 rads.mcafee.com
    192.168.200.3 secure.nai.com
    192.168.200.3 securityresponse.symantec.com
    192.168.200.3 service1.symantec.com
    192.168.200.3 sophos.com
    192.168.200.3 spd.atdmt.com
    192.168.200.3 symantec.com
    192.168.200.3 trendmicro.com
    192.168.200.3 update.symantec.com
    192.168.200.3 updates.symantec.com
    192.168.200.3 updates1.kaspersky-labs.com
    192.168.200.3 updates2.kaspersky-labs.com
    192.168.200.3 updates3.kaspersky-labs.com
    192.168.200.3 updates4.kaspersky-labs.com
    192.168.200.3 updates5.kaspersky-labs.com
    192.168.200.3 us.mcafee.com
    192.168.200.3 vil.nai.com
    192.168.200.3 viruslist.com
    192.168.200.3 viruslist.ru
    192.168.200.3 virusscan.jotti.org
    192.168.200.3 virustotal.com
    192.168.200.3 www.avp.ch
    192.168.200.3 www.avp.com
    192.168.200.3 www.avp.ru
    192.168.200.3 www.awaps.net
    192.168.200.3 www.ca.com
    192.168.200.3 www.f-secure.com
    192.168.200.3 www.fastclick.net
    192.168.200.3 www.grisoft.com
    192.168.200.3 www.kaspersky-labs.com
    192.168.200.3 www.kaspersky.com
    192.168.200.3 www.kaspersky.ru
    192.168.200.3 www.mcafee.com
    192.168.200.3 www.my-etrust.com
    192.168.200.3 www.nai.com
    192.168.200.3 www.networkassociates.com
    192.168.200.3 www.sophos.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.symantec.com
    192.168.200.3 www.trendmicro.com
    192.168.200.3 www.viruslist.com
    192.168.200.3 www.viruslist.ru
    192.168.200.3 www.virustotal.com
    192.168.200.3 www3.ca.com

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\printer.exe supprimé
    C:\WINDOWS\system32\WinAvXX.exe supprimé
    C:\DOCUME~1\maison\MENUDM~1\PROGRA~1\DMARRA~1\system.exe supprimé
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\autorun.exe supprimé
    C:\Program Files\Online Add-on\ supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    la c smit en mode normal prog 1
    SmitFraudFix v2.240

    Rapport fait à 22:46:11,14, 16/10/2007
    Executé à partir de C:\Documents and Settings\maison\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maison

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maison\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\maison\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\System32\\sulimo.dat"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 0.0.0.0

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{AD62D0E4-1941-41A0-8513-E63CB3FCC2B0}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    et enfin hijackthis
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:49:58, on 16/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Gigabyte\ET5\GUI.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
    O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
    O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Add-on\ictmdl.dll (file missing)
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
    O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
    O20 - Winlogon Notify: tgttprbz - C:\WINDOWS\SYSTEM32\aadcaad.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  17. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    on va hausser le ton.

    télécharge combofix (par sUBs)ici :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau et pas ailleurs.

    2 double-clique sur combofix.exe et suis les instructions

    3 à la fin, il va produire un rapport C:\ComboFix.txt

    4 copie/colle ce rapport dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
    0
  18. pancho
     
    voila le rapport combo

    ComboFix 07-10-16.1 - maison 2007-10-16 22:56:45.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.127 [GMT 2:00]
    Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\maison\Application Data.\Ultimate Cleaner
    C:\Documents and Settings\maison\Application Data.\Ultimate Cleaner\settings.dat
    C:\Documents and Settings\maison\Application Data\Ultimate Cleaner\settings.dat
    C:\Documents and Settings\maison\Application Data\Ultimate Cleaner\settings.dat
    C:\Documents and Settings\maison\ResErrors.log
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\mraerea.exe
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\7_exception.nls
    C:\WINDOWS\system32\drivers\KPWW81.sys
    C:\WINDOWS\system32\drivers\miqvzwcl.sys
    C:\WINDOWS\system32\drivers\pzgfqhae.sys
    C:\WINDOWS\system32\iepref32.dll
    C:\WINDOWS\system32\qmopt.dll
    C:\WINDOWS\system32\RunOnce3.t__
    C:\WINDOWS\system32\RunOnce3.tmp
    C:\WINDOWS\system32\aadcaad.dll . . . . Echec de suppression

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_EBPQWMWP
    -------\LEGACY_KPWW81
    -------\LEGACY_LANMANDRV
    -------\LEGACY_MICROSOFT_INTERNET_EXPLORER
    -------\LEGACY_NDNET1
    -------\LEGACY_RUNTIME
    -------\LEGACY_RUNTIME2
    -------\ebpqwmwp
    -------\Microsoft Internet Explorer
    -------\RpcApi

    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-16 to 2007-10-16 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-16 22:56 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-16 22:45 81,408 --a------ C:\WINDOWS\system32\aadcaad.dll
    2007-10-14 21:39 2,346 --a------ C:\WINDOWS\system32\tmp.reg
    2007-10-14 21:38 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-10-14 21:38 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-10-14 21:38 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-10-14 21:38 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-10-14 21:38 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-10-14 20:21 <REP> d-------- C:\VundoFix Backups
    2007-10-14 20:16 <REP> d-------- C:\Program Files\Trend Micro
    2007-10-14 19:28 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
    2007-10-14 19:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-10-14 19:28 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-10-14 08:41 41,728 --a------ C:\WINDOWS\system32\apmrwkrf.dat
    2007-10-14 08:41 17,792 C:\WINDOWS\system32\drivers\miqvzwcl.dat
    2007-10-12 19:19 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-10-12 19:19 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-10-12 19:19 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-12 19:19 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-12 19:19 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-12 19:19 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-12 19:19 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-08 23:24 <REP> d-------- C:\Documents and Settings\maison\Contacts
    2007-10-06 01:22 <REP> d-------- C:\Program Files\Fichiers communs\G DATA
    2007-10-06 01:06 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-10-05 21:40 <REP> d-------- C:\Documents and Settings\maison\Application Data\cv=2.4&pn=&pv=&pt=&sn=&sna=&sns=&sne=&snr=&snb=&us=sxmea
    2007-10-05 21:35 <REP> dr------- C:\Documents and Settings\All Users\Application Data\cv=2.4&pn=&pv=&pt=&sn=&sna=&sns=&sne=&snr=&snb=&us=sxmea
    2007-10-05 20:16 <REP> d--hs---- C:\UGA6PV
    2007-10-05 20:15 <REP> d-------- C:\Documents and Settings\maison\Application Data\VirusGarde
    2007-10-05 20:01 22,697 --------- C:\WINDOWS\pdoakac.exe
    2007-10-04 23:34 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
    2007-10-04 23:34 46,592 --a------ C:\WINDOWS\system32\drivers\FMTR.sys.ren
    2007-10-04 22:31 <REP> d-------- C:\Documents and Settings\maison\Application Data\AVG7
    2007-10-04 22:30 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-04 22:30 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-04 22:30 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-10-04 22:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-10-04 19:06 7,680 --a------ C:\WINDOWS\system32\printer.exe.ren
    2007-09-30 20:54 741,632 --a------ C:\WINDOWS\system32\zgnlkjga.dat
    2007-09-30 20:54 118,528 --a------ C:\WINDOWS\system32\mgeuyetp.dat
    2007-09-30 20:54 35,584 --a------ C:\WINDOWS\system32\gcorzrxy.dat
    2007-09-30 20:54 34,560 --a------ C:\WINDOWS\system32\snnzbzqu.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-16 21:01 --------- d-----w C:\Program Files\Wanadoo
    2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
    2007-10-05 23:24 52,602 ----a-w C:\WINDOWS\system32\interceptor.sys
    2007-10-05 23:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-05 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2007-09-29 18:50 124,416 ----a-w C:\WINDOWS\system32\dniyzblg.dll
    2007-09-29 14:19 --------- d-----w C:\Program Files\Everest Poker
    2007-09-02 10:26 --------- d-----w C:\Program Files\Fichiers communs\xing shared
    2007-09-02 10:25 --------- d-----w C:\Program Files\Real
    2007-09-02 10:25 --------- d-----w C:\Program Files\Fichiers communs\Real
    2007-08-27 04:33 --------- d-----w C:\Documents and Settings\maison\Application Data\MSN6
    2007-08-22 20:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-22 14:59 5,160 ----a-w C:\WINDOWS\system32\ielog.dll
    2007-07-16 14:26 147,729 ----a-w C:\WINDOWS\system32\libssl32.dll
    2007-06-25 11:49 2,526 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
    2007-10-16 22:55 81408 --a------ c:\windows\system32\aadcaad.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@"="" []
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-07-13 04:37 C:\WINDOWS\RTHDCPL.EXE]
    "EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 11:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "M1000Mnt"="M1000Rmv.exe" []
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 12:25]
    "VirusGarde"="C:\Program Files\VirusGarde\pgs.exe" []
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
    "!AVG Anti-Spyware"="C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 16:33]
    "Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2007-02-05 04:05]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "<NO NAME>"=

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoControlPanel"=1 (0x1)
    "NoWindowsUpdate"=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=C:\WINDOWS\System32\sulimo.dat

    R0 ndisrd;ndisrd;C:\WINDOWS\System32\drivers\ndisrd.sys
    R0 nvrfhgrt;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\miqvzwcl.dat
    S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
    S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys

    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-16 23:00:32
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-16 23:02:09 - machine was rebooted
    .
    --- E O F ---
    0
  19. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    remets un log Hijackthis.
    0
  20. pancho
     
    re, je pense qu'il ya du changement non ?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:28:07, on 16/10/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Zapu\Zapu\wDivi.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: (no name) - {91AD9DC2-523A-47E2-A598-6C277F16CC50} - c:\windows\system32\aadcaad.dll
    O3 - Toolbar: Share_Accelerator toolbar - {f5c93451-2609-4723-a053-5c19516be1a8} - C:\Program Files\Share_Accelerator\tbSha0.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: (no name) - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - (no file)
    O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [M1000Mnt] M1000Rmv.exe /StartStillMnt
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [VirusGarde] C:\Program Files\VirusGarde\pgs.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Zapu Acceleration Engine.lnk = C:\Program Files\Zapu\Zapu\wincm.exe
    O4 - Startup: Zapu.lnk = C:\Program Files\Zapu\Zapu\wDivi.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
    O20 - AppInit_DLLs: C:\WINDOWS\System32\sulimo.dat
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\maison\Bureau\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9