Prob spyware secure and co

faabhyo Messages postés 37 Statut Membre -  
clownface Messages postés 1490 Statut Membre -
Bonjour,
depuis 3 jours j'ai de gros problème d'affichage de fenêtres avec spyware secure et probablement d'autres.
Quelqu'un peut-ilm'aider à résoudre cela ?
voici mon rapport hijack this.
Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:39, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\mrofinu1000106.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\xmjvfevx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\oycxqiur.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [90a8fffe] rundll32.exe "C:\WINDOWS\system32\cqorfjld.dll",b
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0030399.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xmjvfevx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
A voir également:

49 réponses

Précédent
Réponse 21 / 49
clownface Messages postés 1490 Statut Membre 73
 
je viens de regarder ton locussoftware correspond à un malware... superantispyware pourra s'en charger si avg ne le fait pas..
mais tu as déjà pas mal de logiciel antispy donc on verra ça demain.

bon courage à toi,
A+
0
Réponse 22 / 49
faabhyo Messages postés 37 Statut Membre
 
Salut clownface, je ne sais pas si tu es connecté ce soir, mais j'ai bien suivi ton conseil avec superantispyware et locussoftware a bien disparu.
J'ai refais un scan en ligne avec bitdefender, un avec a-squared free et un hijackthis.

Je te mets les 3 rapports si tu as le temps dis-moi si toutes les manips ont été bénefiques.

En tout cas plus de fenêtres intempestives !! ouf...

Ya pas a dire apparement tu as été drôlement (ahahah marrant pour un clownface) efficace !!

Bonne contiuation, j'hésiterais pas à faire appel à toi si j'ai de nouveaux soucis de ce genre.

Merci de ta réactivité et continu sur cette voie ...

Faabhyo.

En espérant que les rapports ne soient pas trop indigestes.

Je te mets les rapports dans l'orde suivant :
1- hijackthis
2- a-squared free
3- bitdefender.

1-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:45, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {491E7725-E304-45FE-B185-305708BCDBC6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {58EC40FE-F687-4338-8362-675DB0ABFEDF} - (no file)
O2 - BHO: (no name) - {6BC1E5A1-66EC-4A10-B6D5-8613267C621E} - (no file)
O2 - BHO: (no name) - {73A6C36C-2DE9-4C74-80BE-76376EA46F7A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: (no name) - {A23E8655-61ED-4FE9-AF75-886B72915DA7} - (no file)
O2 - BHO: (no name) - {B60028C3-8774-4446-8DBC-727AA62CE784} - (no file)
O2 - BHO: (no name) - {D2C8BDCD-C436-4EBC-A6DE-A7C422DB3F28} - (no file)
O2 - BHO: (no name) - {E07DC0F6-C621-4E33-8B77-8BB5C5C95A9D} - (no file)
O2 - BHO: (no name) - {FE55E42B-53B1-4D8C-9FE5-AEF550581F38} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [90a8fffe] rundll32.exe "C:\WINDOWS\system32\cqorfjld.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hjalydxg.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
0
Réponse 23 / 49
clownface Messages postés 1490 Statut Membre 73
 
Bonsoir,

redemarres en mode sans echec,
relances hijackthis, et coches ces lignes :

O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - C:\Program Files\ContextTool\ContextTool-2.dll
O2 - BHO: (no name) - {491E7725-E304-45FE-B185-305708BCDBC6} - (no file)
O2 - BHO: (no name) - {58EC40FE-F687-4338-8362-675DB0ABFEDF} - (no file)
O2 - BHO: (no name) - {6BC1E5A1-66EC-4A10-B6D5-8613267C621E} - (no file)
O2 - BHO: (no name) - {73A6C36C-2DE9-4C74-80BE-76376EA46F7A} - (no file)
O2 - BHO: (no name) - {A23E8655-61ED-4FE9-AF75-886B72915DA7} - (no file)
O2 - BHO: (no name) - {B60028C3-8774-4446-8DBC-727AA62CE784} - (no file)
O2 - BHO: (no name) - {D2C8BDCD-C436-4EBC-A6DE-A7C422DB3F28} - (no file)
O2 - BHO: (no name) - {E07DC0F6-C621-4E33-8B77-8BB5C5C95A9D} - (no file)
O2 - BHO: (no name) - {FE55E42B-53B1-4D8C-9FE5-AEF550581F38} - (no file)
O4 - HKLM\..\Run: [90a8fffe] rundll32.exe "C:\WINDOWS\system32\cqorfjld.dll",b
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hjalydxg.exe (file missing)

cliques sur fix checked

supprimes ensuite ces fichiers / dossiers (en gras) :

C:\Program Files\ContextTool
C:\WINDOWS\system32\cqorfjld.dll

redemarres en mode normal, refais un scan bitdefender.. j'veux voir s'il en reste.
0
Réponse 24 / 49
faabhyo Messages postés 37 Statut Membre
 
voila le dernier rapport bitdefender et je mets un rapport hijack au cous où.



BitDefender Online Scanner







Rapport d'analyse généré à: Fri, Nov 09, 2007 - 23:50:03









Voie d'analyse: A:\;C:\;D:\;E:\;F:\;















Statistiques

Temps


01:42:11

Fichiers


380515

Directoires


6022

Secteurs de boot


4

Archives


1753

Paquets programmes


20126







Résultats

Virus identifiés


1

Fichiers infectés


1

Fichiers suspects


0

Avertissements


0

Désinfectés


0

Fichiers effacés


1







Info sur les moteurs

Définition virus


860818

Version des moteurs


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins


14

Archive des plugins


38

Unpack des plugins


7

E-mail plugins


6

Système plugins


1







Paramètres d'analyse

Première action


Désinfecté

Seconde Action


Supprimé

Heuristique


Oui

Acceptez les avertissements


Oui

Extensions analysées


*;

Excludez les extensions




Analyse d'emails


Oui

Analyse des Archives


Oui

Analyser paquets programmes


Oui

Analyse des fichiers


Oui

Analyse de boot


Oui








Fichier analysé


Statut

C:\System Volume Information\_restore{DB71B960-C923-49EB-AEA5-668180EE695A}\RP2\A0002464.exe


Infecté par: Trojan.Generic.64484

C:\System Volume Information\_restore{DB71B960-C923-49EB-AEA5-668180EE695A}\RP2\A0002464.exe


Echec de la désinfection

C:\System Volume Information\_restore{DB71B960-C923-49EB-AEA5-668180EE695A}\RP2\A0002464.exe


Supprimé










Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:52:14, on 09/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 49
clownface Messages postés 1490 Statut Membre 73
 
on va faire un sdfix : http://mickael.barroux.free.fr/securite/sdfix.php
il y a encore des petites choses qui me chiffonnent...
0
Réponse 26 / 49
faabhyo Messages postés 37 Statut Membre
 
SDFix: Version 1.114

Run by Administrateur on 10/11/2007 at 00:10

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\n.bat - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 00:16:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\hjalydxg.exe"="C:\\WINDOWS\\system32\\hja"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 7 Jan 2007 1,835,008 A..H. --- "C:\Documents and Settings\Admin\NTUSER.DAT.bak_jv16pt"
Sun 7 Jan 2007 5 A.SH. --- "C:\WINDOWS\system32\accee9_s.dll"
Fri 9 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\olorcarx.dllbox"
Fri 9 Nov 2007 12,148 ..SH. --- "C:\WINDOWS\system32\rtvwa.tmp"
Thu 8 Nov 2007 6,505 ..SH. --- "C:\WINDOWS\system32\rtvwa.bak1"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico1.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico12.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico13.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico14.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico15.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico16.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico17.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico18.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico19.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico1A.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico1B.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico2.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico2F.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico30.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico31.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico32.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico33.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico34.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico35.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico36.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico37.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico38.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico39.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3A.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3B.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3C.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico3D.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico4.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico42.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico43.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico44.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico45.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico46.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico51.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico52.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico53.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico54.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico55.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico58.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico59.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5A.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5B.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico5C.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico6.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico7.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico8.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\ico9.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoA.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoB.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoC.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoD.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoE.tmp"
Fri 9 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF5.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF6.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF7.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF8.tmp"
Thu 8 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Temp\icoF9.tmp"
Wed 24 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 5 Jan 2007 262,144 A..H. --- "C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Fri 22 Dec 2006 262,144 A..H. --- "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"
Fri 22 Dec 2006 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.bak_jv16pt"

Finished!
0
Réponse 27 / 49
faabhyo Messages postés 37 Statut Membre
 
Clownface tu penses qu'on est arrivé au bout de cette désinfection ou bien il y a encore des anomalies.

Quoi qu'il en soit heureusement que t'es là parce que sinon je ne sais vraiment pas comment j'aurais fait pour m'en sortir.
0
Réponse 28 / 49
clownface Messages postés 1490 Statut Membre 73
 
en ce qui me concerne je file pour ce soir.
on ferra ensuite un scan f-secure : https://www.malekal.com/tutorial-f-secure-blacklight/
0
Réponse 29 / 49
faabhyo Messages postés 37 Statut Membre
 
ok merci pour ta patience et pour le temps passé à me donner tes explications.

Passe une bonne soirée.
A bientôt.
0
Réponse 30 / 49
faabhyo Messages postés 37 Statut Membre
 
salut clownface, je n'ai pas réussi à récupérer f-secure blacklight (url n'existe plus) mais j'ai fait un scan en ligne, je te joins le rapport et je refais un hijackthis.
Dis-moi ce que tu en penses.

Merci d'avance.

Scanning Report
Saturday, November 10, 2007 10:03:43 - 11:12:38

Computer name: XPSP2-62B04009C
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 3 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System

Statistics
Scanned:

* Files: 61622
* System: 4477
* Not scanned: 6

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 2
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-11-09
* F-Secure AVP: 7.0.171, 2007-11-09
* F-Secure Orion: 1.2.37, 2007-11-09
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 2007-10-30
* F-Secure Pegasus: 1.19.0, 2007-10-06

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Use Advanced heuristics


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:13, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
0
Réponse 31 / 49
clownface Messages postés 1490 Statut Membre 73
 
Bonjour,

Computer name: XPSP2-62B04009C
Scanning type: Scan system for viruses, rootkits, spyware

Result: 3 malware found

Actions:

* Disinfected: 1

* None: 2 <-- nulle part on te dit quels sont ces fichiers ??

O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') <-- il y a toujours ça qui ne me plait pas..

peux-tu refaire un combofix ? http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde#3 me m thode combofix
0
Réponse 32 / 49
faabhyo Messages postés 37 Statut Membre
 
voila le hijackthis après combofix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:01:06, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\cmd.exe" /c "cd /d C:\ComboFix\ & Combobatch.bat"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
0
Réponse 33 / 49
clownface Messages postés 1490 Statut Membre 73
 
montres moi le rapport de combofix
0
Réponse 34 / 49
faabhyo Messages postés 37 Statut Membre
 
ComboFix 07-11-08.1 - Administrateur 2007-11-10 17:39:45.3 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Admin\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Admin\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Admin\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\WINDOWS\system32\olorcarx.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE




((((((((((((((((((((((((((((( Fichiers créés 2007-10-10 to 2007-11-10 ))))))))))))))))))))))))))))))))))))
.

2007-11-10 00:07 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-09 08:38 12,148 ---hs---- C:\WINDOWS\system32\rtvwa.ini2
2007-11-09 08:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-09 08:22 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-09 08:22 <REP> d-------- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
2007-11-09 00:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-09 00:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-09 00:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-09 00:15 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-09 00:15 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-09 00:15 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-09 00:15 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2007-11-09 00:15 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-08 23:42 6,505 ---hs---- C:\WINDOWS\system32\rtvwa.bak1
2007-11-08 22:46 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
2007-11-08 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 22:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 22:26 128 --a------ C:\winlogon.exe
2007-11-08 22:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-08 21:50 <REP> d-------- C:\VundoFix Backups
2007-11-08 19:49 <REP> d-------- C:\Program Files\CCleaner
2007-11-08 19:45 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-08 19:22 <REP> d-------- C:\Program Files\a-squared Free
2007-11-08 18:34 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-08 18:34 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-08 18:34 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-08 18:34 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-08 18:34 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-08 18:34 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-08 18:34 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-08 18:34 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-08 18:31 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-11-08 18:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-07 21:24 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-11-07 21:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-11-07 20:47 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-11-07 20:47 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-11-07 20:47 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-11-07 20:47 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-11-07 18:45 <REP> d-------- C:\WINDOWS\10B446B34DF44489A1688A98F7CD807E.TMP
2007-11-06 23:02 <REP> d-------- C:\Program Files\Spyware Doctor
2007-11-06 20:29 <REP> d-------- C:\Program Files\Evariste
2007-11-05 20:07 <REP> d-------- C:\Program Files\Sygate
2007-11-05 17:25 <REP> d-------- C:\Program Files\Codemasters
2007-11-05 08:29 786 --a------ C:\7664.bat
2007-11-05 08:29 0 --a------ C:\z.dat
2007-11-04 21:22 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-04 21:22 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-11-04 21:22 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-11-04 21:22 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-11-04 21:22 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-11-04 21:22 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-11-04 21:22 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-11-04 21:22 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-11-04 21:02 <REP> d-------- C:\Program Files\THQ
2007-11-02 15:49 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-02 15:46 <REP> d-------- C:\WINDOWS\system32\Mz18r
2007-11-02 15:46 <REP> d-------- C:\Temp\mZOr
2007-11-02 15:46 <REP> d-------- C:\Temp
2007-10-26 21:36 <REP> d-------- C:\Program Files\Ubisoft
2007-10-25 22:58 <REP> d-------- C:\WINDOWS\system32\Data
2007-10-25 22:58 24,576 --a------ C:\WINDOWS\INRES.DLL
2007-10-24 18:23 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-10-24 07:59 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-10-23 22:36 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Reasonable Software House Ltd
2007-10-23 22:35 <REP> d-------- C:\Program Files\Reasonable NoClone 2007 Home
2007-10-22 18:27 <REP> d-------- C:\Program Files\Micro Application
2007-10-22 18:26 <REP> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2007-10-22 17:19 <REP> d-------- C:\Program Files\AML Products
2007-10-22 17:19 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll
2007-10-22 17:19 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-10-22 17:19 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll
2007-10-22 17:19 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll
2007-10-22 17:19 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-10-22 17:19 90,112 --a------ C:\WINDOWS\system32\agsaami.dll
2007-10-22 17:19 53,760 --a------ C:\WINDOWS\system\ppacklib.dll
2007-10-22 17:19 77 --a------ C:\WINDOWS\system32\winitn.dll
2007-10-22 17:19 1 --a------ C:\WINDOWS\audi20.dat
2007-10-21 19:46 <REP> d-------- C:\WINDOWS\system\color
2007-10-21 19:46 <REP> d-------- C:\Program Files\Fichiers communs\FotoWire
2007-10-21 19:46 <REP> d-------- C:\Program Files\AGFAnet
2007-10-21 19:46 36,864 --a------ C:\WINDOWS\system32\agusbsti.dll
2007-10-21 19:46 32,768 --a------ C:\WINDOWS\system32\Snape25.bin
2007-10-21 19:45 <REP> d-------- C:\Program Files\Agfa
2007-10-21 11:52 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Legends of pirates
2007-10-21 11:01 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-19 01:02 <REP> d-------- C:\Program Files\Free Audio Pack
2007-10-19 01:02 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-10-19 01:02 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-10-19 01:02 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-10-19 01:02 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-10-19 01:02 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-10-19 01:02 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-10-16 10:09 22,752 --a------ C:\WINDOWS\system32\drivers\bumxmidi.sys
2007-10-16 09:19 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2007-10-16 09:19 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2007-10-10 06:42 <REP> d-------- C:\Program Files\Stardock

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-10 03:19 --------- d-----w C:\Program Files\BitComet
2007-11-09 19:40 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-11-09 19:40 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-11-09 19:03 --------- d-----w C:\Program Files\Navilog1
2007-11-09 16:55 22 ----a-w C:\WINDOWS\Fonts\a.zip
2007-11-09 07:22 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-09 07:10 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2007-11-08 19:42 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
2007-11-05 16:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-05 07:08 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-04 20:23 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-04 15:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-03 17:45 --------- d-----w C:\Program Files\easycleaner
2007-10-16 08:10 --------- d-----w C:\Program Files\Propellerhead
2007-10-10 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-10 05:48 1,014,784 ----a-w C:\WINDOWS\system32\logonuiX.exe
2007-10-09 20:44 --------- d-----w C:\Documents and Settings\Admin\Application Data\MAGIX
2007-10-09 16:11 --------- d-----w C:\Program Files\Microsoft Money 2005
2007-10-08 20:44 --------- d-----w C:\Program Files\MSXML 6.0
2007-10-08 20:35 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-08 19:56 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2007-10-08 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-08 17:58 --------- d-----w C:\Program Files\Windows Live
2007-10-08 17:58 --------- d-----w C:\Program Files\MSN Messenger
2007-10-08 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-08 17:43 --------- d-----w C:\Program Files\Easy Video Splitter
2007-10-08 17:42 --------- d-----w C:\Program Files\Easy Video Joiner
2007-10-08 17:38 --------- d-----w C:\Program Files\Skype
2007-10-08 17:38 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-10-08 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-07 17:32 --------- d-----w C:\Program Files\ZOOM
2007-10-07 16:57 --------- d-----w C:\Program Files\Microsoft Etudes
2007-10-07 16:53 --------- d-----w C:\Program Files\Learning Essentials
2007-10-07 15:56 --------- d-----w C:\Program Files\SelectSoft
2007-10-06 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-10-06 10:28 --------- d-----w C:\Documents and Settings\Admin\Application Data\TuneUp Software
2007-10-06 10:11 --------- d-----w C:\Program Files\RegCleaner
2007-10-06 10:01 --------- d-----w C:\Program Files\Alwil Software
2007-10-05 16:13 --------- d-----w C:\Documents and Settings\Admin\Application Data\Hamachi
2007-10-05 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-04 22:17 --------- d-----w C:\Documents and Settings\Admin\Application Data\Steinberg
2007-10-04 22:03 --------- d-----w C:\Program Files\Steinberg
2007-10-04 21:33 --------- d-----w C:\Program Files\Hamachi
2007-10-04 21:32 25,544 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-04 21:18 --------- d-----w C:\Program Files\Lavasoft
2007-10-04 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-04 21:14 --------- d-----w C:\Documents and Settings\Admin\Application Data\Creative
2007-10-04 20:57 --------- d-----w C:\Program Files\Creative
2007-10-04 20:34 --------- d-----w C:\Program Files\Syncrosoft
2007-10-04 20:30 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-10-04 20:30 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared
2007-10-04 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MAGIX
2007-10-04 20:15 --------- d-----w C:\Documents and Settings\Admin\Application Data\Propellerhead Software
2007-10-04 20:13 --------- d-----w C:\Program Files\flatout 2
2007-10-04 17:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Propellerhead Software
2007-10-04 17:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\ATI
2007-10-04 17:17 --------- d-----w C:\Program Files\ATI Technologies
2007-10-04 16:56 --------- d-----w C:\Program Files\Electronic Arts
2007-10-04 15:17 --------- d-----w C:\Program Files\ADS Tech
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-13 17:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 17:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 17:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 17:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 17:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 17:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 17:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 17:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 17:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-01-07 20:19:34 5 --sha-w C:\WINDOWS\system32\accee9_s.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-10-30 16:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-30 20:05]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-31 00:40]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-22 23:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-09 18:32]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"Config"=%systemroot%\system32\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Barre d'‚tat systŠme d'ATI CATALYST.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-31 00:40:36]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys
R0 stwlfbus;stwlfbus;C:\WINDOWS\system32\DRIVERS\stwlfbus.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 st3wolf;st3wolf;C:\WINDOWS\system32\DRIVERS\st3wolf.sys
S0 viasraid;viasraid;C:\WINDOWS\system32\drivers\viasraid.sys
S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 BCUMXMIDI;BCUMXMIDI;C:\WINDOWS\system32\Drivers\bumxmidi.sys
S3 Cap713x;Philips Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\MAGIX\Common\Database\bin\fbserver.exe
S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys
S3 P17;Creative SB Audigy LS;C:\WINDOWS\system32\drivers\P17.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-09 16:49:30 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-10 17:44:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-10 17:45:26
.
--- E O F ---
0
Réponse 35 / 49
clownface Messages postés 1490 Statut Membre 73
 
Vérifie si ces fichiers existent encore et si oui supprimes les :

C:\WINDOWS\system32\rtvwa.ini2
C:\WINDOWS\system32\rtvwa.bak1
C:\7664.bat
C:\z.dat

Télécharge clean.zip

http://www2.malekal.com/download/clean.zip

Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1.

Poste le rapport qui se trouve ici C:\rapport_clean.txt
0
Réponse 36 / 49
faabhyo Messages postés 37 Statut Membre
 
10/11/2007 a 22:20:17,85

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\DivX\Google\Firefox\ffinstaller.exe" FOUND
0
Réponse 37 / 49
clownface Messages postés 1490 Statut Membre 73
 
ok
lance l'option2
puis fais un nettoyage avec ccleaner (nettoyeur et erreurs)
remet enfin un rapport hijackthis
0
Réponse 38 / 49
faabhyo Messages postés 37 Statut Membre
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:48:16, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
0
Réponse 39 / 49
clownface Messages postés 1490 Statut Membre 73
 
bon

fais scanner ce fichier run.cmd (dans c:\system32) sur virustotal : https://www.virustotal.com/gui/
montres le resultat.
0
clownface Messages postés 1490 Statut Membre 73
 
tu vas aussi cliquer à droite sur ce fichier et faire "ouvrir avec" - " bloc note" (si tu peux faire ouvrir avec)
sinon tu fais "imprimer" --> il va t'ouvrir le fichier txt de run.cmd et tu me le copie/colle ici.
0
Réponse 40 / 49
faabhyo Messages postés 37 Statut Membre
 
voila le bloc-note et le resultat de virustotal

@ECHO OFF
CMDOW @ /HID
TITLE Ne pas fermer
DEL /f /q "%USERPROFILE%\Favoris/Guide des stations de radio.url"
DEL /f /q "%USERPROFILE%\Favoris/MSN.com.url"
RD /s /q "%USERPROFILE%\Favoris/Liens"
DEL /f /q "%ALLUSERPROFILE%\Menudm~1\config~1.lnk"
RD /s /q "%USERPROFILE%\Favoris/Liens"
regedit.exe \S %SystemRoot%\system32\reguser.reg

Fichier run.cmd reçu le 2007.11.11 00:52:42 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.11.10.0 2007.11.09 -
AntiVir 7.6.0.34 2007.11.09 -
Authentium 4.93.8 2007.11.10 -
Avast 4.7.1074.0 2007.11.10 -
AVG 7.5.0.503 2007.11.10 -
BitDefender 7.2 2007.11.11 -
CAT-QuickHeal 9.00 2007.11.10 -
ClamAV 0.91.2 2007.11.11 -
DrWeb 4.44.0.09170 2007.11.10 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5284 2007.11.09 -
Ewido 4.0 2007.11.10 -
FileAdvisor 1 2007.11.11 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.10 -
F-Secure 6.70.13030.0 2007.11.10 -
Ikarus T3.1.1.12 2007.11.10 -
Kaspersky 7.0.0.125 2007.11.11 -
McAfee 5160 2007.11.09 -
Microsoft 1.3007 2007.11.11 -
NOD32v2 2651 2007.11.10 -
Norman 5.80.02 2007.11.09 -
Panda 9.0.0.4 2007.11.10 -
Prevx1 V2 2007.11.11 -
Rising 20.17.52.00 2007.11.10 -
Sophos 4.23.0 2007.11.11 -
Sunbelt 2.2.907.0 2007.11.09 -
Symantec 10 2007.11.10 -
TheHacker 6.2.9.123 2007.11.10 -
VBA32 3.12.2.4 2007.11.08 -
VirusBuster 4.3.26:9 2007.11.10 -
Webwasher-Gateway 6.0.1 2007.11.11 -
Information additionnelle
File size: 341 bytes
MD5: 0bbde38daa7413555b415eaf7febdc2f
SHA1: ec03b7c6920ddfc7669d481d90276b0c33984a62
0

Discussions similaires

Se connecter à FreeWifi_secure sans carte SIM
nico201214 -
ZeldaAndLink -

5 réponses
Identifiant freewifi secure
David -
MPMP10 -

2 réponses
Code Free Wifi Secure : comment en récupérer
Coralie -
jee pee -

8 réponses
obtenir un code Free Wifi_secure
divoid -
kikijcl49 -

5 réponses
Page bleue : your PC ran into a problem and needs to restart
pitchalou -
Malekal_morte- -

2 réponses