Virus: Vundo+Downloader Help je metrise plus!Résolu/Fermé

Question

Bonjour à tous,

Depuis quelques jour mon pc est infecté solide du virus Vundo, ainsi d'un dowloader auquels je ne peux  m'en défaire.
J'ai revus plusieurs post sur le sujet et effectué sans succès plusieurs tentatives avec entre autres Vundofix, Fixvundo, Avgas, Ad aware, Ccleaner. Mon antivirus ne cesses de les retrouver toujours vivant. Je ne peux que faire appel à votre aide. Aurais t-il quelqu'un qui pourais m'indiquer un remède '' atomique'?  Merci d'avance. Salutations.

nardino · Answer

Bonjour.

Télécharge Combofix de sUBs : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

	[*]Ferme toutes les fenêtres
	[*]Double-clique sur combofix.exe (ne clique pas sur la fenêtre qui s'ouvre)
	[*]Appuie sur Y pour lancer le scan
	[*]A la fin du scan (cela peut prendre du temps), un rapport sera créé.
Poste ce rapport dans ton prochain message.

gallipette · Answer

Bonjour nardino, Merci et voilà le log: ComboFix 07-11-01.1 - Sni 2007-11-02 14:29:12.1 - NTFSx86 Running from: C:\Documents and Settings\Sni\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\SystemApp C:\Program Files\SystemApp\bho.dat C:\Program Files\SystemApp\er.dat C:\Program Files\SystemApp\ie-improver.dll C:\Program Files\SystemApp\uninstall.exe C:\WINDOWS\cookies.ini C:\WINDOWS\system32\__c00176A0.dat C:\WINDOWS\system32\__c0031435.dat C:\WINDOWS\system32\__c0034584.dat C:\WINDOWS\system32\__c004CEDE.dat C:\WINDOWS\system32\__c007C8EA.dat C:\WINDOWS\system32\__c00941C4.dat C:\WINDOWS\system32\__c00A87BF.dat C:\WINDOWS\system32\__c00AE964.dat C:\WINDOWS\system32\__c00DA4E4.dat C:\WINDOWS\system32\__c00EF342.dat C:\WINDOWS\system32\~.exe C:\WINDOWS\system32\akfyxgwv.dll C:\WINDOWS\system32\cbnltxce.dll C:\WINDOWS\system32\ecxtlnbc.ini C:\WINDOWS\system32\equbtqux.dll C:\WINDOWS\system32\iiwximgm.dll C:\WINDOWS\system32\kjsbpptm.dll C:\WINDOWS\system32\mtppbsjk.ini C:\WINDOWS\system32 attsihw.dll C:\WINDOWS\system32\sysdl132.exe C:\WINDOWS\system32 evnmxrk.dll C:\WINDOWS\system32 tstv.bak1 C:\WINDOWS\system32 tstv.bak2 C:\WINDOWS\system32 tstv.ini C:\WINDOWS\system32 tstv.ini2 C:\WINDOWS\system32 tstv.tmp C:\WINDOWS\system32\ujfbvmoh.dll C:\WINDOWS\system32\urckxjgg.dll C:\WINDOWS\system32\vtstt.dll C:\WINDOWS\system32\vwgxyfka.ini C:\WINDOWS\system32\whisttan.ini C:\WINDOWS\system32\xrvcexid.dllbox C:\WINDOWS\system32\xuqtbuqe.ini C:\WINDOWS\system32\xxizelrx.dllbox . ((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 ))))))))))))))))))))))))))))))) . 2007-11-02 14:25 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-01 10:30 d-------- C:\Documents and Settings\Sni\Application Data\Grisoft 2007-11-01 09:41 d-------- C:\Program Files\Trend Micro 2007-11-01 09:33 d-------- C:\Program Files\CCleaner 2007-11-01 09:30 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-01 09:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-01 09:27 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-01 09:25 d-------- C:\Program Files\Lavasoft 2007-11-01 09:25 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-01 09:20 d-------- C:\kav 2007-10-29 13:52 589 --a------ C:\WINDOWS\system32\ihiqamiy.dll 2007-10-28 21:40 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-10-28 20:50 589 --a------ C:\WINDOWS\system32\fhklowpg.dll 2007-10-28 13:17 d-------- C:\VundoFix Backups 2007-10-26 23:52 d-------- C:\WINDOWS\pss 2007-10-25 20:14 d-------- C:\WINDOWS\system32\Screen_eng dir 2007-10-25 20:14 202,240 --a------ C:\WINDOWS\system32\Screen_eng.scr 2007-10-25 13:14 19,606 --a------ C:\WINDOWS\system32\instdump.zip 2007-10-06 21:29 d-------- C:\Program Files\Able Staff Scheduler . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-02 13:34 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-11-01 09:01 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-11-01 09:01 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-11-01 08:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-31 14:22 26,624 ----a-w C:\Documents and Settings\Sni sutil.dll 2007-10-27 00:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-26 02:06 --------- d-----w C:\Documents and Settings\Sni\Application Data\Skype 2007-10-03 17:33 --------- d-----w C:\Documents and Settings\Sni\Application Data\ICAClient 2007-09-24 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2007-09-24 11:10 --------- d-----w C:\Program Files\Common Files\logishrd 2007-09-24 00:44 --------- d-----w C:\Program Files\Logitech 2007-09-04 22:08 --------- d-----w C:\Program Files\Astase 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B4CA4CE-B386-491B-AB6B-559B08E0B852}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E96D865-BDAC-4BE0-BE11-84E451B47A29}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC9213C1-8D47-4C31-92A7-A5433A90022E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 15:01] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:00 C:\WINDOWS\AGRSMMSG.exe] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 11:30] "PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 10:56] "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-16 21:01] "AClntUsr"="C:\Program Files\Altiris\AClient\AClntUsr.EXE" [2007-11-02 04:15] "AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2007-02-19 00:58] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-08 16:44] "DXDllRegExe"="dxdllreg.exe" [] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 16:11] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 08:07] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 12:42] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 04:50] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 09:21] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\DeviceNP] DeviceNP.dll 2006-01-12 13:05 49152 C:\WINDOWS\system32\DeviceNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\IfxWlxEN] IfxWlxEN.dll 2006-03-03 14:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\OneCard] C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 17:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtstt.dll "Notification Packages"= scecli AsWlnPkg [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}] rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4 . Contents of the 'Scheduled Tasks' folder "2007-11-02 03:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-02 14:37:30 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???P^??????(?@???????@ scanning hidden files ... ************************************************************************** . Completion time: 2007-11-02 14:39:26 - machine was rebooted . --- E O F ---

nardino · Answer

Bonsoir,


- Ouvre le bloc-note et colles-y les lignes écrites ci-dessous :

Files:
C:\WINDOWS\system32\ihiqamiy.dll
C:\WINDOWS\system32\d3d8caps.dat 
C:\WINDOWS\system32\fhklowpg.dll 
C:\WINDOWS\pss 
C:\WINDOWS\system32\Screen_eng dir 
C:\WINDOWS\system32\Screen_eng.scr 
C:\WINDOWS\system32\instdump.zip 
C:\WINDOWS\system32\vtstt.dll

Registry:
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\DeviceNP] 
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\IfxWlxEN] 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=- 

- Enregistre-le sous CFScript.txt, sur le bureau
- Comme sur l'image présentée ici, fais glisser CFScript.txt dans Combofix.exe
	http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
- Poste le résultat et un nouveau rapport HijackThis !

Télécharge Avira AntiRootkit Tool et dézippe-le sur ton bureau : http://dl.antivir.de/down/windows/antivir_rootkit.zip
 
Ouvre le dossier antivir_rootkit créé, double-clique sur le fichier "setup.exe", et suis les instructions d'installation du programme. 
Lorsque c'est terminé, tu psupprimes le dossier du bureau et tu lances l'outil par le menu Démarrer / Tous les programmes / Avira RootKit Detection / Avira RootKit Detection.
Vérifie que les cases "Scan files", "Scan registry", "Scan processes", "Scan all drives" et "Show progress" soient bien cochées. 
Clique à présent sur "Start scan" et patiente.
Lorsque le scan est terminé, clique sur "View report" et dans ta prochaine réponse, poste le contenu du rapport qui s'est ouvert.

gallipette · Answer

Bonjour nardino, merci du suivi. Je post les logs dans l'ordre demandé: ComboFix 07-11-01.1 - Sni 2007-11-03 5:49:18.2 - NTFSx86 Running from: C:\Documents and Settings\Sni\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Sni\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 ))))))))))))))))))))))))))))))) . 2007-11-02 14:25 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-11-01 10:30 d-------- C:\Documents and Settings\Sni\Application Data\Grisoft 2007-11-01 09:41 d-------- C:\Program Files\Trend Micro 2007-11-01 09:33 d-------- C:\Program Files\CCleaner 2007-11-01 09:30 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-01 09:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-11-01 09:27 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-01 09:25 d-------- C:\Program Files\Lavasoft 2007-11-01 09:25 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-01 09:20 d-------- C:\kav 2007-10-29 13:52 589 --a------ C:\WINDOWS\system32\ihiqamiy.dll 2007-10-28 21:40 1,100 --a------ C:\WINDOWS\system32\d3d8caps.dat 2007-10-28 20:50 589 --a------ C:\WINDOWS\system32\fhklowpg.dll 2007-10-28 13:17 d-------- C:\VundoFix Backups 2007-10-26 23:52 d-------- C:\WINDOWS\pss 2007-10-25 20:14 d-------- C:\WINDOWS\system32\Screen_eng dir 2007-10-25 20:14 202,240 --a------ C:\WINDOWS\system32\Screen_eng.scr 2007-10-25 13:14 19,606 --a------ C:\WINDOWS\system32\instdump.zip 2007-10-06 21:29 d-------- C:\Program Files\Able Staff Scheduler . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-02 13:39 --------- d-----w C:\Program Files\Symantec AntiVirus 2007-11-01 09:01 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-11-01 09:01 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-11-01 08:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-31 14:22 26,624 ----a-w C:\Documents and Settings\Sni sutil.dll 2007-10-27 00:26 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-10-26 02:06 --------- d-----w C:\Documents and Settings\Sni\Application Data\Skype 2007-10-03 17:33 --------- d-----w C:\Documents and Settings\Sni\Application Data\ICAClient 2007-09-24 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd 2007-09-24 11:10 --------- d-----w C:\Program Files\Common Files\logishrd 2007-09-24 00:44 --------- d-----w C:\Program Files\Logitech 2007-09-04 22:08 --------- d-----w C:\Program Files\Astase 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll . ((((((((((((((((((((((((((((( snapshot@2007-11-02_14.37.36.15 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-02 13:38:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_258.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B4CA4CE-B386-491B-AB6B-559B08E0B852}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9E96D865-BDAC-4BE0-BE11-84E451B47A29}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-31 15:01] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 08:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 13:06] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-12 14:00 C:\WINDOWS\AGRSMMSG.exe] "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-02-22 07:03] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 11:30] "PTHOSTTR"="C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-02-14 10:56] "AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2006-01-16 21:01] "AClntUsr"="C:\Program Files\Altiris\AClient\AClntUsr.EXE" [2007-11-02 14:37] "AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2007-02-19 00:58] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 17:14] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 01:40] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-08 16:44] "DXDllRegExe"="dxdllreg.exe" [] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 16:11] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 08:07] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 12:42] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 04:50] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 15:06] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25] "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 01:56] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 09:21] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\DeviceNP] DeviceNP.dll 2006-01-12 13:05 49152 C:\WINDOWS\system32\DeviceNP.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\IfxWlxEN] IfxWlxEN.dll 2006-03-03 14:08 434176 C:\WINDOWS\system32\IfxWlxEN.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\OneCard] C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll 2005-07-25 17:41 40960 C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli AsWlnPkg [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Cognizance ASChannel [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}] rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4 . Contents of the 'Scheduled Tasks' folder "2007-11-02 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-03 05:52:20 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???P^??????(?@???????@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-03 5:53:15 C:\ComboFix2.txt ... 2007-11-02 14:39 . --- E O F --- ********************************* Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:58:20, on 03/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Citrix\ICA Client\ssonsvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\HPQ\IAM\bin\asghost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\AccelerometerSt.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\PrintKey-Pro\PKey_Pro.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\Altiris\AClient\AClient.exe C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Altiris\AClient\AClntUsr.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\ccsrvc.exe C:\Program Files\Altiris\Carbon Copy\shellker.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\IFXSPMGT.exe C:\WINDOWS\system32\IFXTCS.exe C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Altiris\CARBON~1\client.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://infocenter.intranet.srt.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.reverso.net/text_translation.aspx?lang=EN R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.195.288.7:8000 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.195.*.* O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll O2 - BHO: (no name) - {5B4CA4CE-B386-491B-AB6B-559B08E0B852} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {9E96D865-BDAC-4BE0-BE11-84E451B47A29} - (no file) O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll O3 - Toolbar: &Reverso Translator 2 - {44D1E473-D8E8-4630-86DA-09AAB1DDB399} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL O3 - Toolbar: (no name) - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - (no file) O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: PrintKey-Pro.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://infocenter.intranet.srt.com O15 - Trusted Zone: *.n0262778 (HKLM) O15 - Trusted Zone: apps.srt.com (HKLM) O15 - Trusted Zone: srtappl.intranet.srt.com (HKLM) O15 - Trusted Zone: srt.srt.intra (HKLM) O15 - Trusted Zone: *.zrhsm0001 (HKLM) O15 - Trusted IP range: 10.195.288.11 (HKLM) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.ed.fr/iNotes6W.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/... O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\DRoster bis\Firebird\bin\fbguard.exe (file missing) O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\DRoster bis\Firebird\bin\fbserver.exe (file missing) O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O24 - Desktop Component 0: (no name) - about:blank

nardino · Answer

Bonjour.

Excuse-moi j'ai fait une petite erreur dans le script Combofix
Recommence avec ce qui suit :

Files::
C:\WINDOWS\system32\ihiqamiy.dll
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\fhklowpg.dll
C:\WINDOWS\pss
C:\WINDOWS\system32\Screen_eng dir
C:\WINDOWS\system32\Screen_eng.scr
C:\WINDOWS\system32\instdump.zip
C:\WINDOWS\system32\vtstt.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\DeviceNP]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\IfxWlxEN]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=- 

Il faut deux fois :: et je ne l'avais mis qu'une seule.  :-(

Télécharge sur ton bureau RHosts (Merci à S!ri)
http://siri.urz.free.fr/Softs/RHosts.exe

Double-clique sur Rhosts.exe et clique sur "restaurer".

Poste un nouveau log Hijackthis.

gallipette · Answer

Bonjour,
Merci et pas de problem pour les :: Je te poste le dernier log HijackThis après avoir relancer Combofix et  double-cliqué  sur Rhosts.exe ainsi sur "restaurer" et ensuite avor confirmé la restauration.( Je sais pas si la restauration Host à été faite en arrière plan car je n'ai pas remarqué de ''process'' en cours, j'espère que ça à fonctionner, car tout c'est passé en une fraction de seconde).

Voici le log ::   @+


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:18:40, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PrintKey-Pro\PKey_Pro.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\Program Files\Altiris\AClient\AClntUsr.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://infocenter.intranet.srt.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.reverso.net/text_translation.aspx?lang=EN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =  10.195.288.7:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.195.*.*
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
O2 - BHO: (no name) - {5B4CA4CE-B386-491B-AB6B-559B08E0B852} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9E96D865-BDAC-4BE0-BE11-84E451B47A29} - (no file)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Reverso Translator 2 - {44D1E473-D8E8-4630-86DA-09AAB1DDB399} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: (no name) - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PrintKey-Pro.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://infocenter.intranet.srt.com
O15 - Trusted Zone: *.n0262778 (HKLM)
O15 - Trusted Zone: apps.srt.com (HKLM)
O15 - Trusted Zone: srtappl.intranet.srt.com (HKLM)
O15 - Trusted Zone: srt.srt.intra (HKLM)
O15 - Trusted Zone: *.zrhsm0001 (HKLM)
O15 - Trusted IP range: 10.195.288.11 (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.ed.fr/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\DRoster bis\Firebird\bin\fbguard.exe (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\DRoster bis\Firebird\bin\fbserver.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - about:blank

nardino · Answer

Bonsoir 
Tu vas appliquer ce qui suit:
1°-Télécharge Antivir

-Antivir de Avira : https://www.avira.com/

Clique sur "download here" en bas de la colonne Classic et dans la fenêtre suivante clique sur la version de ton système. 
(Attention pas disponible pour Vista 64 bits.)

Enregistre le fichier (16.4 Mo) et installe le programme.
Voici un tutoriel pour ce faire et bien paramétrer le programme.

http://speedweb1.free.fr/frames2.php?page=tuto5
Merci à Tesgaz.

Mets-le à jour et referme-le.

2°-Démarrage en mode sans échec 

Important de faire la procédure sous ce mode.
Il faut choisir la même session que celle qui est infectée et non pas la session Administrateur qui apparaît.

Après la fermeture de la première fenêtre, au tout début de la phase de démarrage du PC (boot), appuie sur F8.
Une fenêtre de type DOS s'ouvre, sélectionne [b]Mode sans échec[/b] à l'aide des flèches du clavier et clique sur Entrée (Enter).
Ne t'inquiète pas de l'aspect, Windows démarre avec le minimum nécessaire et peut prendre quelque minutes pour démarrer.

3°-Scan antivirus

Tu cliques sur l'icône du bureau pour lancer Antivir.
Dans l'onglet Scanner,; tu cliques sur la croix devant Manual Selection et tu coches Poste de travail.
Tu laisses tout coché pour la première analyse.
Tu cliques sur l'icône en forme de loupe en-dessous de Status pour lancer l'analyse qui peut durée une heure.
Il est préférable de ne pas s'éloigner pour répondre aux messages en cas d'alerte.
Tu choisis "Moved to quarantine" pour tout ce qu'il trouve.
Quand le scan est terminé, tu clique sur End.

4°-Redémarrage en mode normal

Tu postes le rapport Antivir.
Tu ouvres le programme et dans l'onglet Reports, choisi Scan avec la date correspondante, double-clique dessus et ensuite sur Report file 
Fais un copier-coller de la totalité du rapport ici.
Ce programme sera désinstallé ou remplacera ton antivirus existant selon tes souhaits car il ne faut pas garder deux antivirus actifs en même temps.

gallipette · Answer

Bonjour,

Merci du super suivi et voici le rapport AntiVir @+

AntiVir PersonalEdition Classic
Report file date: lunes, 05 de noviembre de 2007  14:38

Scanning for 916338 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Sni
Computer name:    NB0001

Version information:
BUILD.DAT    : 270           15603 Bytes  19.09.2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23.08.2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16.08.2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14.08.2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21.08.2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18.07.2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0     1640448 Bytes  13.09.2007 14:26:55
ANTIVIR2.VDF : 7.0.0.140    940544 Bytes  26.10.2007 13:17:33
ANTIVIR3.VDF : 7.0.0.171    164352 Bytes  05.11.2007 13:17:33
AVEWIN32.DLL : 7.6.0.30    3056128 Bytes  05.11.2007 13:17:33
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26.02.2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18.07.2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16.04.2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03.08.2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18.07.2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28.08.2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18.07.2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08.03.2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07.08.2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21.08.2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23.07.2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, 
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lunes, 05 de noviembre de 2007  14:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
10 processes with 10 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'E:\'
      [NOTE]      In the drive 'E:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\' <SYSTEM>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\qoobox\Quarantine\catchme2007-11-02_143643.85.zip
  [0] Archive type: ZIP
  --> vtstt.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was moved to '47a3259d.qua'!
C:\qoobox\Quarantine\C\Program Files\SystemApp\ie-improver.dll.vir
      [DETECTION] Is the Trojan horse TR/Dldr.BHO.A.2
      [INFO]      The file was moved to '475c25a9.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\sysdl132.exe.vir
      [DETECTION] Is the Trojan horse TR/Drop.BHO.A.1
      [INFO]      The file was moved to '47a225c7.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32	evnmxrk.dll.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
      [INFO]      The file was moved to '47a525b8.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\urckxjgg.dll.vir
      [DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
      [INFO]      The file was moved to '479225cb.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\vtstt.dll.vir
      [DETECTION] Is the Trojan horse TR/Trash.Gen
      [INFO]      The file was moved to '47a225d3.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir
      [DETECTION] Is the Trojan horse TR/Dldr.BHO.A.1.A
      [INFO]      The file was moved to '47942595.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
The device is not ready.

Begin scan in 'E:\'
Search path E:\ could not be opened!
The device is not ready.



End of the scan: lunes, 05 de noviembre de 2007  15:28
Used time: 50:13 min

The scan has been done completely.

   9033 Scanning directories
 457741 Files were scanned
      7 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      7 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 457734 Files not concerned
   9942 Archives were scanned
      1 Warnings
      0 Notes

Salutations

nardino · Answer

Bonsoir.
Vide la quarantine de Antivir et donne des infos sur tes problèmes.
Poste un rapport Hijackthis de contrôle.

gallipette · Answer

Bonjour,
Avant de faire la procedure AntiVir, symantec trouvais constament le virus Vundo et le bloquais, nettoyais le virus par suppresion et me demandais de rebooter le pc pour terminer le procedé. je n'ai plus eu alors de pop up et tout paraisait en ordre sauf les detections Vundo de symantec.
Je crois que AntiVir à fait maintenant son boulot et trouvé, éliminé les trojan. Maintenant malheureusement après avoir vider la quarantaine de Antivir, j'ai depuis ce matin  perdu une bonne partie des settings de mon PC, plus aucune imprimante installée, résolution de l'écran plus adaptée à mon écran ( trop Grand) et ne peu pas être ajustée. les fenêtres Iexplorer ne se minimisent plus et se ferme ( toujours active dans task manager ) certain documents office à l'ouverture me donne des message ''can not use object linking and embedding'' un écran Jaune à droite de la barre des tâches est apparues 2 fois en me disant que symantec est disabled, la fonction search windows et Iexploer ne s'ouvre plus... voilà un peu la situation actuel que je rencontre :-(
Je suis en train de me demander si je devrais pas lancer une reconfiguration total avec un cd preload que j'ai pour arrêter les frais ??
si nous en arrivons là, je ne sais pas si il y à un risque que j'enregistre des malwares en sauvant les documents  sur un disque dur externe avant.

C'est grave docteur  ??  y à t-il encore quelque chose a faire ? je poste le log Hyjackthis:

Salutations

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:29, on 06/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PrintKey-Pro\PKey_Pro.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://infocenter.intranet.srt.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.reverso.net/text_translation.aspx?lang=EN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =  10.195.288.7:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.195.*.*
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\Program Files\SAP\SAP Tutor\PlayerIE.dll
O2 - BHO: (no name) - {5B4CA4CE-B386-491B-AB6B-559B08E0B852} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {9E96D865-BDAC-4BE0-BE11-84E451B47A29} - (no file)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Reverso Translator 2 - {44D1E473-D8E8-4630-86DA-09AAB1DDB399} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: (no name) - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2496635599-136742246-1834580906-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2496635599-136742246-1834580906-1008\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?')
O4 - HKUS\S-1-5-21-2496635599-136742246-1834580906-1008\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: PrintKey-Pro.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://infocenter.intranet.srt.com
O15 - Trusted Zone: *.n0262778 (HKLM)
O15 - Trusted Zone: apps.srt.com (HKLM)
O15 - Trusted Zone: srtappl.intranet.srt.com (HKLM)
O15 - Trusted Zone: srt.srt.intra (HKLM)
O15 - Trusted Zone: *.zrhsm0001 (HKLM)
O15 - Trusted IP range: 10.195.288.11 (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail.ed.fr/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Unknown owner - C:\Program Files\DRoster bis\Firebird\bin\fbguard.exe (file missing)
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Unknown owner - C:\Program Files\DRoster bis\Firebird\bin\fbserver.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O24 - Desktop Component 0: (no name) - about:blank

nardino · Answer

Bonjour.

Bonjour,

A l'aide de Hijackthis lancé sans autre application par Scan only, tu coches ces lignes:

O2 - BHO: (no name) - {5B4CA4CE-B386-491B-AB6B-559B08E0B852} - (no file) 
O2 - BHO: (no name) - {9E96D865-BDAC-4BE0-BE11-84E451B47A29} - (no file) 
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe 
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe 
O4 - HKUS\S-1-5-21-2496635599-136742246-1834580906-1008\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User '?') 

Puis tu cliques sur Fix checked.

Si tu n'utlises pas la fonction Riad pour tes disques durs, tu peux aussi cocher celle-ci:
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 

Dans Spybot S&D mode avancé, Outils, Démarrage du système, tu décoches :

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe 
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" 
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe 
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog 

Tous ces processus sont lancés inutilement au démarrage.

Comment es-tu connectée à Internet ?
Matériel et fournisseur d'accès.

gallipette · Answer

Bonsoir et merci,

Je suis connecté adsl au net de plusieurs manières.
Soit 1/ Maison avec WIFI,  2/ bureau avec une connection LAN.
Expatrié en espagne j'ai un fourniseur d'accès telefonica local.

@+

gallipette · Answer

Bonjour,

Je crois etre sur le  point de non retour et pense bien reformater la becane... La, elle se porte de moins en moins bien... snif
Encore un merci pour les tentatives mais la, je desespere...

@+

nardino · Answer

Bonjour
Avant d'en arriver là, applique ce qui suit.
Lance Hijackthis par Scan only et coche si cela n'a pas été installé par ta connexion à titre professionnel:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.195.288.7:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.195.*.* 
O15 - Trusted Zone: *.n0262778 (HKLM)
O15 - Trusted Zone: apps.srt.com (HKLM)
O15 - Trusted Zone: srtappl.intranet.srt.com (HKLM)
O15 - Trusted Zone: srt.srt.intra (HKLM)
O15 - Trusted Zone: *.zrhsm0001 (HKLM)
O15 - Trusted IP range: 10.195.288.11 (HKLM) 
Puis tu cliques sur Fix cheked.

Télécharge FixWareout.exe :
http://downloads.subratam.org/Fixwareout.exe
ou
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Enregistrer le fichier sur le Bureau.

Fermer tous les programmes en cours..
Double-clic sur FixWareout.exe pour le lancer.
Clic sur Next, puis sur Install
Vérifier que la case Run fixit est cochée et clic sur Finish.
Suivre les messages affichés dans la fenêtre type DOS:

"Appuyer sur une touche pour continuer ...", appuyer n'importe quelle touche du clavier.

Il est demandé de redémarrer l'ordinateur:
A l'affichage d'une fenêtre 'BFU', "Please allow your system to reboot ...": cliquer sur OK.
A l'affichage d'une fenêtre 'System Settings Change', "You must restart your computer before the new settings ...": cliquer sur Oui/Yes.

Le système va mettre plus de temps que d'habitude pour démarrer: c'est normal.

Après le redémarrage, suivre les invites des messages:
-Affichage d'une fenêtre 'BFU', "Beginning fix;", cliquer sur OK.
-Affichage d'une fenêtre 'BFU', "Still working. Please be patient.", cliquer sur OK.
-Affichage d'une fenêtre 'BFU', "Finished!", cliquer sur OK. 

Un rapport C:\fixwareout\report.txt sera créé, copier-coller ce dernier dans la prochaine réponse avec un nouveau rapport Hijackthis établi en mode normal.

Si nécessaire
Aller dans Démarrer - Panneau de configuration - Connexions, clic droit sur la connexion - Propriétés - onglet Gestion de réseau
Mettre en surbrillance Protocole Internet (TCP/IP) puis cliquer sur le bouton Propriétés.

gallipette · Answer

Bonjour, 

Quel bonheur de retrouver un pc qui tourne comme un horloge !

Nardino je voudrais te remercier pour ton support.
 Je n'avais plus rien qui tournais droit, perdu la plupart des fonctions...
Plus possible de recréer de connection au net, nis de télecharger sur un autre pc les appliques car le pc ne trouvais même plus les disques externe.Devenus trop le bronx j'ai finalement lancer une reconfiguration totale avec un preload pour arrêter les frais.
Apres 1 heure ai retrouvé toute mes applications. Plus de temps perdu a grailler les entrailles de la machine...

Ceci se temine par une résucitation.

Salutations

nardino · Answer

Bonsoir,
Serait-il possible de voir le rapport Combofix, s'il te plait ?
Merci

Virus: Vundo+Downloader Help je metrise plus!

16 réponses

Discussions similaires

Newsletters