Ntos.exe
Solved
kawick, 40 posts, Member
philae83, 12854 posts, Security contributor
Hello,
I'm new to the forum and my problem is the following:
When I log on to my session, a program asks me for a key: ntos.exe. I saw on the forum that I should post a HijackThis report, so here it is:
Logfile of HijackThis v1.99.1
Scan saved at 22:15:57, on 30/10/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\AOL\1169115209\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\mdm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\nvsvc86.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\rundll32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AOL 9.0a\waol.exe
C:\Program Files\AOL 9.0a\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\vesier\Mes documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [fenaffiche] C:\Program Files\FenAffiche\Fenpowernet.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1169115209\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S149.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe
O4 - HKLM\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\vaujbyso.dll",sitypnow
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe
O4 - HKCU\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1A95983-093D-49BB-8445-E96B05FE2D36}: NameServer = 205.188.146.145
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FFI - Unknown owner - C:\WINDOWS\System32\svchost.exe:exm.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Microsoft Networking Services (Windows Networking Services) - Unknown owner - C:\WINDOWS\msdlc.exe
Could you tell me what I need to do? Thanks.
30 replies
Back again,
***The Avenger report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\roiejhe
Script file located at: \??\C:\WINDOWS\cmdaotfq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\windows\system32\yayywvt.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
***The ComboFix report:
ComboFix 07-11-01.1 - vesier 2007-11-03 16:17:52.1 - NTFSx86
Running from: C:\Documents and Settings\vesier\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\System32\vtstu.dll
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\audio.dll.cla
.
((((((((((((((((((((((((((((( Files created 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))))))))
.
2007-11-03 16:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 12:30 81,472 --a------ C:\WINDOWS\system32\gphqcuhr.dll
2007-11-02 22:51 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2007-11-02 22:51 <REP> d-------- C:\WINDOWS\LastGood
2007-11-01 00:38 <REP> d-------- C:\VundoFix Backups
2007-11-01 00:36 <REP> d-------- C:\Program Files\Trend Micro
2007-10-31 22:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-10-31 18:43 <REP> d-------- C:\WINDOWS\ERUNT
2007-10-31 10:29 <REP> d-------- C:\WINDOWS\pss
2007-10-27 10:43 <REP> d-------- C:\Documents and Settings\vesier\Application Data\Apple Computer
2007-10-27 09:34 <REP> d-------- C:\Program Files\splus
2007-10-24 23:16 <REP> d-------- C:\Program Files\MP3 Player Utilities 4.15
2007-10-24 21:55 33,792 --a------ C:\WINDOWS\system32\drivers\disk.sys
2007-10-24 21:55 33,792 --a--c--- C:\WINDOWS\system32\dllcache\disk.sys
2007-10-24 20:27 <REP> d-------- C:\Program Files\MediaCoder
2007-10-23 18:22 90,112 --a------ C:\WINDOWS\system32\crehcjid.dll
2007-10-23 18:22 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2007-10-20 15:56 <REP> d-------- C:\WINDOWS\system32\BWKDLogs
2007-10-20 15:56 <REP> d-------- C:\Program Files\QuickTime
2007-10-20 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-20 15:55 <REP> d-------- C:\Program Files\Fichiers communs\Kodak
2007-10-20 15:55 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-20 15:52 <REP> d-------- C:\Program Files\Kodak
2007-10-20 15:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kodak
2007-10-17 23:26 <REP> d-------- C:\WINDOWS\ServicePackFiles
2007-10-17 16:56 <REP> d-------- C:\Documents and Settings\vesier\Application Data\Talkback
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent.dll
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(5).dll
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(4).dll
2007-10-17 14:31 1,006,592 --a------ C:\WINDOWS\system32\esent(3).dll
2007-10-17 14:12 <REP> d-------- C:\WINDOWS\system32\bits
2007-10-17 14:10 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp(4).dll
2007-10-17 14:10 331,776 --a------ C:\WINDOWS\system32\winhttp(3).dll
2007-10-17 14:10 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2007-10-17 14:10 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-10-17 14:10 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-10-17 14:10 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-10-17 14:10 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-10-17 14:09 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-10-17 13:53 55,812 ---hs---- C:\ntlds.exe
2007-10-17 13:44 541,090 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2007-10-17 13:44 401,408 -ra------ C:\WINDOWS\stmchart.exe
2007-10-17 13:44 249,856 -ra------ C:\WINDOWS\editadsl.exe
2007-10-17 13:44 180,224 --a------ C:\WINDOWS\system32\stmcfg32.dll
2007-10-17 13:44 94,208 -ra------ C:\WINDOWS\stmtrace.exe
2007-10-17 13:44 60,255 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2007-10-16 20:16 40,960 --a------ C:\WINDOWS\system32\exitwx.exe
2007-10-15 19:45 83,712 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-10-15 19:45 18,560 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-10-15 19:45 16,384 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-10-15 19:45 4,992 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-10-15 19:44 3,346,432 --a--c--- C:\WINDOWS\system32\dllcache\msgr3en.dll
2007-10-15 19:44 106,562 --a--c--- C:\WINDOWS\system32\dllcache\srchctls.dll
2007-10-15 19:36 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-10-15 19:36 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-10-15 16:31 100,864 --a------ C:\WINDOWS\system32\irftp.exe
2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon.dll
2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon(3).dll
2007-10-15 16:31 79,360 --a------ C:\WINDOWS\system32\irmon(2).dll
2007-10-15 16:31 55,296 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda(3).dll
2007-10-15 16:31 7,680 --a------ C:\WINDOWS\system32\wshirda(2).dll
2007-10-15 15:48 57,728 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-10-15 15:28 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-10-15 15:26 <REP> d-------- C:\WINDOWS\NV780308.TMP
2007-10-15 14:59 38,024 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-10-15 14:59 23,070 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2007-10-15 14:59 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser(3).dll
2007-10-15 14:59 4,096 --a------ C:\WINDOWS\system32\ksuser(2).dll
2007-10-15 14:58 696,320 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2007-10-15 14:58 73,216 --a------ C:\WINDOWS\system32\storprop.dll
2007-10-15 14:58 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-15 14:58 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-15 14:58 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-15 14:58 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-15 14:58 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-10-15 14:58 10,496 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2007-10-13 15:45 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe
2007-10-13 15:45 1,332,544 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys
2007-10-13 15:45 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll
2007-10-13 15:45 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll
2007-10-13 15:45 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2007-10-13 15:45 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe
2007-10-13 15:45 167,936 -ra------ C:\WINDOWS\system32\cmuda.dll
2007-10-13 15:45 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll
2007-10-13 15:45 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
2007-10-13 15:43 297,600 -ra------ C:\WINDOWS\system32\drivers\MRV8K51.sys
2007-10-13 09:29 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 15:08 --------- d-----w C:\Documents and Settings\vesier\Application Data\Free Download Manager
2007-10-31 21:33 --------- d-----w C:\Program Files\AOL 9.0a
2007-10-31 09:28 --------- d-----w C:\Program Files\eMule
2007-10-30 17:19 2,266 ----a-w C:\Documents and Settings\vesier\Application Data\wklnhst.dat
2007-10-30 12:56 --------- d-----w C:\Program Files\CDDC-MahJongg
2007-10-16 19:54 --------- d-----w C:\Program Files\D-Tools
2007-10-15 21:46 --------- d-----w C:\Program Files\MSN Messenger
2007-10-15 18:42 --------- d-----w C:\Program Files\Services en ligne
2007-09-25 21:44 --------- d-----w C:\Program Files\Panda Security
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-05 20:11 --------- d-----w C:\Program Files\Lavalys
2007-09-04 07:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AOL
2007-09-03 20:40 --------- d-----w C:\Program Files\CDex_150
2007-09-03 20:33 --------- d-----w C:\Program Files\WAVmaker
2007-09-03 20:30 --------- d-----w C:\Program Files\MyBuy
2007-09-03 20:26 --------- d-----w C:\Program Files\PeerGuardian2
2005-06-09 08:03 1,365,840 ----a-w C:\Program Files\fdminst.exe
2005-06-09 08:02 11,352 ----a-w C:\Program Files\fdm_fre.zip
2005-06-09 05:47 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-06-09 05:46 533,574 ----a-w C:\Program Files\pllangs.exe
2005-06-08 06:36 6,856,328 ----a-w C:\Program Files\zlsSetup_51_039_004.exe
2005-06-07 10:01 2,314,920 ----a-w C:\Program Files\LimeWireWin.exe
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04F2DF67-3DE1-4F37-97F0-1B002D19D8B3}]
C:\WINDOWS\System32\vtutu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c50abc06-b541-457d-9386-780bd65095c0}]
2007-11-03 12:30 81472 --a------ C:\WINDOWS\System32\gphqcuhr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 17:09 C:\WINDOWS\SOUNDMAN.EXE]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 16:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50]
"AdslTaskBar"="stmctrl.dll" [2003-12-12 15:50 C:\WINDOWS\system32\stmctrl.dll]
"AOLSAV"="C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-11-10 16:18]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 11:01]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Cmaudio"="cmicnfg.cpl" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2003-04-24 13:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-24 23:00]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2006-08-23 15:17]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft Office"=C:\WINDOWS\System32\mdm.exe
"Microsoft Windows Driver"=C:\WINDOWS\rundll32.exe
"Network Security XP"=C:\WINDOWS\System32\nvsvc86.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 13:12:08]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-02-20 04:10:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-10-23 18:22 90112 C:\WINDOWS\system32\crehcjid.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°HØ]
°HØ
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°Ø]
°Ø
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°èØ]
°èØ
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\°ðØ]
°ðØ
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\vtstu.dll
R2 ScFBPNT;CanoScan FBP Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT.SYS
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\System32\DRIVERS\stmatm.sys
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\System32\DRIVERS\torususb.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
S3 Asushwio;Asushwio;\??\C:\WINDOWS\system32\drivers\Asushwio.sys
S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\System32\Drivers\StMp3Rec.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 W8100PCI;ASUS 802.11b/g Driver;C:\WINDOWS\System32\DRIVERS\MRV8K51.sys
S4 FFI;FFI;C:\WINDOWS\System32\svchost.exe:exm.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 16:25:17
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FFI]
"ImagePath"="C:\WINDOWS\System32\svchost.exe:exm.exe"
.
Completion time: 2007-11-03 16:28:57 - machine was rebooted
.
--- E O F ---
***The Avenger report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\roiejhe
Script file located at: \??\C:\WINDOWS\cmdaotfq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\windows\system32\yayywvt.dll deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Good evening,
* Copy the lines of the following quote in one go:

Files to Delete:
C:\WINDOWS\system32\gphqcuhr.dll
C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\System32\vtutu.dll

--> Right-click / "Copy"
Now create a new text document: right-click on the desktop, "New" > "Text Document".
* Open it and paste in what you just copied
* Save this file on your desktop (name: mad.txt)
* Double-click the file "avenger.exe"
* Click "OK"
* Select "Load Script from File" and click the folder-shaped icon.
* Select the mad.txt file that is on your desktop
* Click the green light to run the script
* Click "Yes"
* Accept to restart your PC
After the restart:
* Open the file C:\avenger.txt and copy/paste its contents here.
OK
Sorry, but Avenger didn't manage to save a report; however, I saw that it had managed to delete everything.
Having finally managed to install SP2, I'm posting a HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:57, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\AOL\1169115209\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: ˆ - ˆ (file missing)
O20 - Winlogon Notify: ¸ˆ - ¸ˆ (file missing)
O20 - Winlogon Notify: °HØ - °HØ (file missing)
O20 - Winlogon Notify: °Ø - °Ø (file missing)
O20 - Winlogon Notify: °èØ - °èØ (file missing)
O20 - Winlogon Notify: °ðØ - °ðØ (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
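The helper picks the bad load points out of these reports by eye: BHOs whose file is gone or whose display name is itself a GUID, a Run entry under the SYSTEM hive, Winlogon Notify keys with garbage names, and, in the ComboFix report, a service whose ImagePath is an NTFS alternate data stream (svchost.exe:exm.exe) and an extra DLL in the LSA "Authentication Packages" list (a DLL loaded into lsass.exe at boot, the classic spot for a password stealer). The script below is an added example, not something from this thread or from HijackThis or ComboFix: it encodes those same heuristics and runs them over a handful of lines copied from the reports above, plus two benign entries (the Adobe BHO and the avast! service) to show they are left alone. Treating ctfmon.exe as the only Run entry Windows itself puts under the SYSTEM and .DEFAULT hives is an assumption about a stock Windows XP install, and the rule names are arbitrary.

```python
"""Heuristic triage of HijackThis / ComboFix log lines.

Added example; not part of the forum thread, HijackThis or ComboFix.
"""
import re

# Constructed sample: lines copied from the reports in the thread above,
# plus two benign entries (Adobe BHO, avast! service) that must not fire.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: °HØ - °HØ (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"ImagePath"="C:\WINDOWS\System32\svchost.exe:exm.exe"
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\vtstu.dll
"""

# Assumption: on a stock Windows XP box, ctfmon.exe is the only Run entry
# Windows itself places under the SYSTEM (S-1-5-18) and .DEFAULT hives.
SYSTEM_RUN_ALLOWLIST = {"ctfmon.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<path>.*)$")
O4_SYSTEM_RE = re.compile(r"^O4 - HKUS\\(?:S-1-5-18|\.DEFAULT)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<dll>.*)$")
# file.exe:stream -> the payload lives in an NTFS alternate data stream
ADS_RE = re.compile(r'\.(?:exe|dll|sys):[^\\\s"]+', re.IGNORECASE)
AUTH_PKG_RE = re.compile(r'^"Authentication Packages"\s*=\s*(?P<pkgs>.*)$')


def triage(text):
    """Return a list of (rule, line) findings for the suspicious lines in text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A registered load point whose file is gone is either a leftover of a
        # partial clean-up or a self-deleting dropper; it gets fixed either way.
        if "(file missing)" in line or "(no file)" in line:
            findings.append(("orphaned load point", line))
        m = O2_RE.match(line)
        if m and (m.group("name") == "(no name)" or m.group("name").startswith("{")):
            findings.append(("BHO without a real name", line))
        m = O4_SYSTEM_RE.match(line)
        if m:
            # first token of the command, basename only, e.g. nvsvc86.exe
            exe = m.group("cmd").split()[0].rsplit("\\", 1)[-1].lower()
            if exe not in SYSTEM_RUN_ALLOWLIST:
                findings.append(("autorun under SYSTEM/.DEFAULT hive", line))
        m = O20_RE.match(line)
        if m and not m.group("name").isascii():
            findings.append(("Winlogon Notify key with non-ASCII name", line))
        if ADS_RE.search(line):
            findings.append(("executable in NTFS alternate data stream", line))
        m = AUTH_PKG_RE.match(line)
        if m:
            # anything besides msv1_0 is a third-party DLL loaded into lsass.exe
            extra = [p for p in m.group("pkgs").split() if p.lower() != "msv1_0"]
            if extra:
                findings.append(("extra LSA authentication package", line))
    return findings


def rule_counts(findings):
    """Number of hits per rule, for a quick summary."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

Run as a script it prints one line per finding; the Adobe BHO and the avast! entries produce nothing. The alternate-data-stream rule is the one worth remembering: an ImagePath of the form svchost.exe:exm.exe makes the service control manager run the stream, which does not show up in Explorer or in a plain dir listing, so the host svchost.exe looks untouched to anyone who only checks the file itself.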
Hello,
OK for The Avenger, but are you sure it had deleted this one:
C:\WINDOWS\system32\gphqcuhr.dll
* run HijackThis and tick these lines:
O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: ˆ - ˆ (file missing)
O20 - Winlogon Notify: ¸ˆ - ¸ˆ (file missing)
O20 - Winlogon Notify: °HØ - °HØ (file missing)
O20 - Winlogon Notify: °Ø - °Ø (file missing)
O20 - Winlogon Notify: °èØ - °èØ (file missing)
O20 - Winlogon Notify: °ðØ - °ðØ (file missing)
* close all open applications and, while offline, click Fix checked
then
* Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
* Restart your computer in Safe Mode
* Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
* Press a key to reboot the PC.
Your system will take longer than usual to reboot because the tool keeps running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum,
along with a new HijackThis log
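As an added example that is not from this thread or from HijackThis itself, the script below applies the same triage rules behind the lines picked out above to raw HijackThis output: BHOs with no name, a bare CLSID as a name, or no file on disk; Run values under the SYSTEM (S-1-5-18) or .DEFAULT hives that are not the expected CTFMON entry; and Winlogon Notify entries whose DLL is missing or whose name is registry garbage. The sample lines are constructed from entries in this thread, and the `KNOWN_SYSTEM_RUN` allow-list is an assumption.

```python
"""Triage helper for HijackThis log lines (added example, not part of the
thread or of HijackThis). Rules mirror the entries the helper told the poster
to fix:
  * O2  BHO with '(no name)', a bare CLSID as its name, or no file on disk
  * O4  Run value under the SYSTEM (S-1-5-18) or .DEFAULT hive whose name is
        not in a small allow-list (assumption: only CTFMON.EXE belongs there)
  * O20 Winlogon Notify whose DLL is missing or whose name is not printable
        ASCII (the garbage entries seen in the log)
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: benign and suspicious lines taken from this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {04F2DF67-3DE1-4F37-97F0-1B002D19D8B3} - C:\WINDOWS\System32\vtutu.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {0c59056d-b087-6839-d754-145b60cba05c} - {c50abc06-b541-457d-9386-780bd65095c0} - C:\WINDOWS\System32\gphqcuhr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Network Security XP] C:\WINDOWS\System32\nvsvc86.exe (User 'SYSTEM')
O20 - Winlogon Notify: crehcjid - crehcjid.dll (file missing)
O20 - Winlogon Notify: °HØ - °HØ (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKUS\\[^\\]+|HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<dll>.*?)(?P<missing> \(file missing\))?$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]+\}$")

SYSTEM_HIVES = {r"HKUS\S-1-5-18", r"HKUS\.DEFAULT"}
KNOWN_SYSTEM_RUN = {"CTFMON.EXE"}  # assumption: the only Run value expected there


@dataclass
class Finding:
    section: str                                   # "O2", "O4" or "O20"
    line: str                                      # the original log line
    reasons: List[str] = field(default_factory=list)


def check_bho(m: "re.Match") -> List[str]:
    reasons = []
    name, path = m["name"], m["path"]
    if name == "(no name)":
        reasons.append("BHO has no name")
    elif GUID_RE.match(name):
        reasons.append("BHO name is a bare CLSID")
    if "(file missing)" in path or path == "(no file)":
        reasons.append("BHO file is not on disk")
    return reasons


def check_run(m: "re.Match") -> List[str]:
    # Run values under the SYSTEM / .DEFAULT hives start before any user logs in.
    if m["hive"] in SYSTEM_HIVES and m["name"].upper() not in KNOWN_SYSTEM_RUN:
        return [f"unfamiliar Run value under {m['hive']}"]
    return []


def check_winlogon_notify(m: "re.Match") -> List[str]:
    reasons = []
    name = m["name"]
    if not (name.isascii() and name.isprintable()):
        reasons.append("Winlogon Notify name is not printable ASCII")
    if m["missing"]:
        reasons.append("Winlogon Notify DLL is missing")
    return reasons


CHECKS = [(O2_RE, check_bho), (O4_RE, check_run), (O20_RE, check_winlogon_notify)]


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m is None:
                continue
            reasons = check(m)
            if reasons:
                findings.append(Finding(line.split(" - ", 1)[0], line, reasons))
            break  # a line belongs to exactly one HijackThis section
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {'; '.join(f.reasons)}\n    {f.line}")
```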
I re-ran Avenger; result:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bsjkroat
*******************
Script file located at: \??\C:\Documents and Settings\yckaqpac.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\gphqcuhr.dll deleted successfully.
File C:\WINDOWS\system32\crehcjid.dll not found!
Deletion of file C:\WINDOWS\system32\crehcjid.dll failed!
Could not process line:
C:\WINDOWS\system32\crehcjid.dll
Status: 0xc0000034
File C:\WINDOWS\System32\vtutu.dll not found!
Deletion of file C:\WINDOWS\System32\vtutu.dll failed!
Could not process line:
C:\WINDOWS\System32\vtutu.dll
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
SDFix report:
SDFix: Version 1.113
Run by vesier on 04/11/2007 at 15:28
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\vesier\MESDOC~1\Prog\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HKCU HomePage Value
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 15:36:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 17 Oct 2007 55,812 ..SH. --- "C:\ntlds.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0b\aolphx.exe"
Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0b\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0b\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0c\aolphx.exe"
Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0c\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0c\RBM.exe"
Thu 21 Jun 2007 46,384 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
Thu 24 May 2007 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
Thu 24 May 2007 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
Thu 16 Jun 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0005.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0006.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0385.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0458.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0639.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1377.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1398.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1437.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2919.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2925.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4025.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4029.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4060.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4079.tmp"
Thu 23 Aug 2007 96,072 A..H. --- "C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\WBUnins.exe"
Finished!
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:52, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\AOL\1169115209\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:e6,71,0c,7c,af,99,2f,7e,12,35,65,19,28,5f,e5,dd,3a,c8,49,20,5a,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d5,4d,68,43,22,ad,e6,f1,5d,d1,3f,be,73,b7,19,b3,ab,..
"khjeh"=hex:43,d2,66,37,c3,12,8e,69,57,95,26,0e,f8,d0,ce,7e,f2,5f,e4,3e,2f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:17,c2,6e,08,61,bd,f2,67,72,35,0e,7b,89,7c,b4,de,d9,f0,b3,3e,f8,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:60,9f,78,ce,5e,d5,4b,1a,0d,61,ec,26,1d,fc,4a,90,2d,60,94,86,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:8d,e3,07,ab,fb,39,e8,11,a9,c8,a7,bb,b4,df,96,65,f3,11,93,53,ca,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:b7,a5,1b,50,e9,f4,7f,1b,be,5b,31,f8,21,01,4f,95,fb,d7,25,d7,7b,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 17 Oct 2007 55,812 ..SH. --- "C:\ntlds.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0a\aolphx.exe"
Mon 10 May 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0a\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0a\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0b\aolphx.exe"
Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0b\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0b\RBM.exe"
Fri 9 Apr 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0c\aolphx.exe"
Fri 9 Apr 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0c\aoltray.exe"
Fri 9 Apr 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0c\RBM.exe"
Thu 21 Jun 2007 46,384 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphx.exe"
Thu 24 May 2007 54,832 A..H. --- "C:\Program Files\AOL 9.0 VR\AOLphxex.exe"
Thu 24 May 2007 33,328 A..H. --- "C:\Program Files\AOL 9.0 VR\rbm.exe"
Thu 16 Jun 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0005.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0006.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0385.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0458.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL0639.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1377.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1398.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL1437.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2919.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL2925.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4025.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4029.tmp"
Fri 16 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4060.tmp"
Wed 31 Oct 2007 19,456 ...H. --- "C:\Documents and Settings\vesier\Application Data\Microsoft\Word\~WRL4079.tmp"
Thu 23 Aug 2007 96,072 A..H. --- "C:\Program Files\Fichiers communs\AOL\TopSpeed\3.0\WBUnins.exe"
Finished!
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:52, on 04/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Fichiers communs\AOL\1169115209\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Driver] C:\WINDOWS\rundll32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Office] C:\WINDOWS\System32\mdm.exe (User 'Default user')
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D2C3FC8-77F1-44E8-80E5-4C1FD325A485}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Good evening,
Perfect, I think everything should be back in order now.
Close all running applications, then download ToolsCleaner2 to your Desktop.
http://perso.orange.fr/AceRothstein/ToolsCleaner2.exe
# Double-click ToolsCleaner2.exe > click Extract without changing the default destination.
# Open My Computer > open drive C:\
# Open the ToolsCleaner folder.
# Double-click ToolsCleaner2.bat and follow the instructions.
# Copy/paste the report found in C:\TCleaner.txt
# Note: your desktop will disappear, this is normal. If it does not reappear at the end of the scan, do the following:
CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"
Type explorer.exe and confirm. This will make the Desktop reappear.
THEN, IMPORTANT
* Start > Control Panel > System >
System Restore tab > check the box (Turn off System Restore)
restart the computer
then re-enable it
* To improve your PC's security, take a few moments to read
THIS
have a good evening