Sujet Précédent Sujet Suivant

Pop-ups, spyware, trojans, virus.

Fermé
LFPO26 - 14 nov. 2007 à 22:44
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 - 21 nov. 2007 à 23:26
Salut à tous !

Depuis hier soir, j'ai plein de pop-up, spyware et trojans sur mon PC et je ne sais pas comment les supprimer.
J'ai fais avec AVG SpyWare, SpyBot et Avast des vérifications, ils trouvent plein de choses, ils les suppriment mais les problèmes persistent.

Pouvez-vous m'aide svp ?

Voici le rapport de HiJack.

Logfile of HijackThis v1.99.1
Scan saved at 22:43:38, on 14/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {26494337-C37E-4790-BEF5-E0A34C3B5E10} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: {cce74780-559f-ac6b-fc64-de4152bb37d4} - {4d73bb25-14ed-46cf-b6ca-f95508747ecc} - C:\WINDOWS\system32\hpogeleb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\pwihofeg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\pwihofeg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B44FB.dat
O20 - Winlogon Notify: pwihofeg - C:\WINDOWS\SYSTEM32\pwihofeg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Je reste disponible si vous avez besoin d'autres rapport ou autres.

Merci.
JP
A voir également:

19 réponses

Réponse 1 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
14 nov. 2007 à 22:54
Salut

Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

* Double-cliquer sur VundoFix.exe afin de le lancer.
* Cliquer sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
* Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commende annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp

++
0
Réponse 2 / 19
LFPO26
14 nov. 2007 à 23:34
Salut !

Merci beaucoup.

Les problèmes persistent encore.
Voici le rapport de Vundo.


VundoFix V6.6.1

Checking Java version...

Scan started at 23:14:21 14/11/2007

Listing files found while scanning....


VundoFix V6.6.1

Checking Java version...

Scan started at 23:21:17 14/11/2007

Listing files found while scanning....

C:\windows\system32\pwihofeg.dll
C:\windows\system32\tccrmsdl.dll

Beginning removal...

Attempting to delete C:\windows\system32\pwihofeg.dll
C:\windows\system32\pwihofeg.dll Has been deleted!

Attempting to delete C:\windows\system32\tccrmsdl.dll
C:\windows\system32\tccrmsdl.dll Has been deleted!

Performing Repairs to the registry.
Done!

Merci
JP
0
Réponse 3 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
14 nov. 2007 à 23:37
ok, poste un nouveau hijack stp

++
0
Réponse 4 / 19
LFPO26
15 nov. 2007 à 09:50
Salut !

Voilà !

Logfile of HijackThis v1.99.1
Scan saved at 09:50:00, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {24618AA9-F70E-434A-B408-4D3B9B4A5033} - C:\WINDOWS\system32\jkkjk.dll
O2 - BHO: {cce74780-559f-ac6b-fc64-de4152bb37d4} - {4d73bb25-14ed-46cf-b6ca-f95508747ecc} - C:\WINDOWS\system32\hpogeleb.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00B44FB.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Merci
JP
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
LFPO26 Messages postés 23 Date d'inscription mercredi 14 novembre 2007 Statut Membre Dernière intervention 15 novembre 2018
15 nov. 2007 à 22:43
Salut !

Pas de nouvelle pour moi svp ?

Merci
JP
0
Réponse 6 / 19
LFPO26 Messages postés 23 Date d'inscription mercredi 14 novembre 2007 Statut Membre Dernière intervention 15 novembre 2018
16 nov. 2007 à 14:08
Un petit up...

Merci !
0
Réponse 7 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
16 nov. 2007 à 16:21
Salut

désolée, j'étions absente ! :)

Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp

++
0
Réponse 8 / 19
LFPO26 Messages postés 23 Date d'inscription mercredi 14 novembre 2007 Statut Membre Dernière intervention 15 novembre 2018
16 nov. 2007 à 21:08
Salut !

Pas de problème, ne t'inquiète pas, c'est déjà très gentil de t'occuper de moi.

Voici le rapport de ComboFix.
Plusieurs problèmes ont été réglés mais on dirait, pas tous.

ComboFix 07-11-08.1 - Jean pierre 2007-11-16 20:36:44.1 - NTFSx86 MINIMAL
Running from: F:\Documents_JeanPierre\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Jean pierre\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1
C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1\??curity\
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Jose\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Jose\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Jose\Favoris\Online Security Guide.lnk
C:\WINDOWS\msnimport.exe
C:\WINDOWS\scurit~1
C:\WINDOWS\system32\__c001A4B5.dat
C:\WINDOWS\system32\__c0073964.dat
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jocpmwaw.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kliyvmuq.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pwihofeg.dllbox
C:\WINDOWS\system32\yiaelkqa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\core
-------\DomainService


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))))))))
.

2007-11-16 20:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 14:05 81,984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll
2007-11-16 13:59 85,056 --a------ C:\WINDOWS\system32\wsfxfmsp.dll
2007-11-16 12:23 71,232 --a------ C:\WINDOWS\system32\mmcxnkcn.exe
2007-11-15 10:32 79,936 --a------ C:\WINDOWS\system32\srhpgmyr.dll
2007-11-15 10:26 71,232 --a------ C:\WINDOWS\system32\iilcwumy.exe
2007-11-14 21:32 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Grisoft
2007-11-14 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 21:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-13 21:47 123 --a------ C:\Documents and Settings\Jean pierre\mit.bat
2007-11-13 21:46 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-13 21:45 36,352 --a------ C:\WINDOWS\system32\wvuuspp.dll
2007-11-13 21:45 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-13 21:41 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-13 21:41 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-13 21:41 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-13 21:41 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-11 20:51 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-11-11 20:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-11-11 20:48 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-11-11 20:48 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-11-11 20:48 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-11-11 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-11 20:47 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-26 15:56 <REP> d-------- C:\Program Files\MP3Gain
2007-10-26 15:44 <REP> d-------- C:\Program Files\mp3DirectCut
2007-10-24 19:49 <REP> d-------- C:\ConvertTemp
2007-10-23 19:06 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbmdm.sys
2007-10-22 20:25 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Samsung
2007-10-22 20:05 <REP> d-------- C:\Program Files\Samsung

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 19:22 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\Skype
2007-11-13 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 23:18 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\teamspeak2
2007-10-24 18:25 --------- d-----w C:\Program Files\Java
2007-10-10 17:28 --------- d-----w C:\Documents and Settings\Jose\Application Data\Skype
2007-10-10 10:18 --------- d-----w C:\Program Files\Adverts
2007-10-10 10:17 --------- d-----w C:\Program Files\Windows Live
2007-10-10 10:17 --------- d-----w C:\Program Files\MSN Messenger
2007-10-10 10:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-10 07:09 --------- d-----w C:\Program Files\Skype
2007-10-10 07:09 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-10-10 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-09 18:13 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-09 18:12 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-10-09 18:10 --------- d-----w C:\Program Files\HP
2007-09-05 15:44 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
2007-08-31 12:18 360,580 -c--a-w C:\WINDOWS\eSellerateEngine.dll
2007-04-16 21:00:27 90 --sh--w C:\WINDOWS\cnerolf.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ae24094d-41b3-45b2-9da0-fd23fbb58bd2}]
2007-11-16 14:05 81984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 08:42]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 10:29]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 17:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-28 13:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"LaunchList"="C:\Program Files\Pinnacle\Studio 9\LaunchList.exe" []
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"182eef0d"="C:\WINDOWS\system32\wsfxfmsp.dll" [2007-11-16 13:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwlw32]
winwlw32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

R3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
R3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys
S3 MOSUMAC;MosChip USB-Ethernet Driver;C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 21:01:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 21:03:03 - machine was rebooted
.
--- E O F ---

Merci
JP
0
Réponse 9 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
16 nov. 2007 à 21:17
Salut

Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



File::

C:\WINDOWS\system32\mjvfeiyy.dll
C:\WINDOWS\system32\wsfxfmsp.dll
C:\WINDOWS\system32\mmcxnkcn.exe
C:\WINDOWS\system32\srhpgmyr.dll
C:\WINDOWS\system32\iilcwumy.exe
C:\WINDOWS\system32\dpqaqlqx.bin
C:\WINDOWS\system32\wvuuspp.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\unvise32.exe

ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )

++
0
Réponse 10 / 19
LFPO26 Messages postés 23 Date d'inscription mercredi 14 novembre 2007 Statut Membre Dernière intervention 15 novembre 2018
17 nov. 2007 à 00:06
Salut !

Merci de ton aide.

Voici le rapport de ComboFix.

ComboFix 07-11-08.1 - Jean pierre 2007-11-16 20:36:44.1 - NTFSx86 MINIMAL
Running from: F:\Documents_JeanPierre\ComboFix.exe
.

Incapable d'obtenir les privilèges Système

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\Jean pierre\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1
C:\Documents and Settings\Jean pierre\Mes documents\CURITY~1\??curity\
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\#SharedObjects\SBX89BK4\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Jose\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Jose\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Jose\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Jose\Favoris\Online Security Guide.lnk
C:\WINDOWS\msnimport.exe
C:\WINDOWS\scurit~1
C:\WINDOWS\system32\__c001A4B5.dat
C:\WINDOWS\system32\__c0073964.dat
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\fibagbia
C:\WINDOWS\system32\fibagbia\bg1.gif
C:\WINDOWS\system32\fibagbia\bgtop.gif
C:\WINDOWS\system32\fibagbia\bottom1.gif
C:\WINDOWS\system32\fibagbia\essentials.gif
C:\WINDOWS\system32\fibagbia\fibagbia1.exe
C:\WINDOWS\system32\fibagbia\fibagbia2.exe
C:\WINDOWS\system32\fibagbia\fibagbia3.exe
C:\WINDOWS\system32\fibagbia\icon1.ico
C:\WINDOWS\system32\fibagbia\install1.gif
C:\WINDOWS\system32\fibagbia\left1.gif
C:\WINDOWS\system32\fibagbia\li.gif
C:\WINDOWS\system32\fibagbia\logo.gif
C:\WINDOWS\system32\fibagbia\main.htm
C:\WINDOWS\system32\fibagbia\mainframe.htm
C:\WINDOWS\system32\fibagbia\reinstall1.gif
C:\WINDOWS\system32\fibagbia\right1.gif
C:\WINDOWS\system32\fibagbia\s1.htm
C:\WINDOWS\system32\fibagbia\s2.htm
C:\WINDOWS\system32\fibagbia\s3.htm
C:\WINDOWS\system32\fibagbia\SMTop1.gif
C:\WINDOWS\system32\fibagbia\SMTop2.gif
C:\WINDOWS\system32\fibagbia\SMTop3.gif
C:\WINDOWS\system32\fibagbia\SMTop4.gif
C:\WINDOWS\system32\fibagbia\soft1_off.gif
C:\WINDOWS\system32\fibagbia\soft1_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft1_on.gif
C:\WINDOWS\system32\fibagbia\soft1_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_off.gif
C:\WINDOWS\system32\fibagbia\soft2_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft2_on.gif
C:\WINDOWS\system32\fibagbia\soft2_on_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_off.gif
C:\WINDOWS\system32\fibagbia\soft3_off_ext.gif
C:\WINDOWS\system32\fibagbia\soft3_on.gif
C:\WINDOWS\system32\fibagbia\soft3_on_ext.gif
C:\WINDOWS\system32\fibagbia\softbottom_off.gif
C:\WINDOWS\system32\fibagbia\softbottom_on.gif
C:\WINDOWS\system32\fibagbia\softleft_off.gif
C:\WINDOWS\system32\fibagbia\softleft_on.gif
C:\WINDOWS\system32\fibagbia\top1.gif
C:\WINDOWS\system32\fibagbia\top2.gif
C:\WINDOWS\system32\fibagbia\turnoff1.gif
C:\WINDOWS\system32\fibagbia\turnon1.gif
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\jocpmwaw.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kliyvmuq.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pwihofeg.dllbox
C:\WINDOWS\system32\yiaelkqa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\core
-------\DomainService


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))))))))
.

2007-11-16 20:33 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 14:05 81,984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll
2007-11-16 13:59 85,056 --a------ C:\WINDOWS\system32\wsfxfmsp.dll
2007-11-16 12:23 71,232 --a------ C:\WINDOWS\system32\mmcxnkcn.exe
2007-11-15 10:32 79,936 --a------ C:\WINDOWS\system32\srhpgmyr.dll
2007-11-15 10:26 71,232 --a------ C:\WINDOWS\system32\iilcwumy.exe
2007-11-14 21:32 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Grisoft
2007-11-14 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 21:30 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-13 21:47 123 --a------ C:\Documents and Settings\Jean pierre\mit.bat
2007-11-13 21:46 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
2007-11-13 21:45 36,352 --a------ C:\WINDOWS\system32\wvuuspp.dll
2007-11-13 21:45 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
2007-11-13 21:41 <REP> d-------- C:\Program Files\Fichiers communs\AVSMedia
2007-11-13 21:41 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-11-13 21:41 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-11-13 21:41 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-11-11 20:51 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-11-11 20:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2007-11-11 20:48 964,608 --a------ C:\WINDOWS\system32\MFC70U.DLL
2007-11-11 20:48 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-11-11 20:48 54,784 --a------ C:\WINDOWS\system32\MSVCI70.DLL
2007-11-11 20:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-11-11 20:47 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-26 15:56 <REP> d-------- C:\Program Files\MP3Gain
2007-10-26 15:44 <REP> d-------- C:\Program Files\mp3DirectCut
2007-10-24 19:49 <REP> d-------- C:\ConvertTemp
2007-10-23 19:06 59,632 -ra------ C:\WINDOWS\system32\drivers\qcusbmdm.sys
2007-10-22 20:25 <REP> d-------- C:\Documents and Settings\Jean pierre\Application Data\Samsung
2007-10-22 20:05 <REP> d-------- C:\Program Files\Samsung

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 19:22 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\Skype
2007-11-13 20:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-10 23:18 --------- d-----w C:\Documents and Settings\Jean pierre\Application Data\teamspeak2
2007-10-24 18:25 --------- d-----w C:\Program Files\Java
2007-10-10 17:28 --------- d-----w C:\Documents and Settings\Jose\Application Data\Skype
2007-10-10 10:18 --------- d-----w C:\Program Files\Adverts
2007-10-10 10:17 --------- d-----w C:\Program Files\Windows Live
2007-10-10 10:17 --------- d-----w C:\Program Files\MSN Messenger
2007-10-10 10:17 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-10 07:09 --------- d-----w C:\Program Files\Skype
2007-10-10 07:09 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-10-10 07:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-09 18:13 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-09 18:12 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2007-10-09 18:10 --------- d-----w C:\Program Files\HP
2007-09-05 15:44 73,216 ----a-w C:\WINDOWS\cadkasdeinst01f.exe
2007-08-31 12:18 360,580 -c--a-w C:\WINDOWS\eSellerateEngine.dll
2007-04-16 21:00:27 90 --sh--w C:\WINDOWS\cnerolf.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ae24094d-41b3-45b2-9da0-fd23fbb58bd2}]
2007-11-16 14:05 81984 --a------ C:\WINDOWS\system32\mjvfeiyy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 15:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2003-05-30 08:42]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 00:00]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 23:03]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 10:29]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 16:54]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 17:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-28 13:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"LaunchList"="C:\Program Files\Pinnacle\Studio 9\LaunchList.exe" []
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" []
"182eef0d"="C:\WINDOWS\system32\wsfxfmsp.dll" [2007-11-16 13:59]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 10:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00]

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwlw32]
winwlw32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkjk.dll

R3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add;C:\WINDOWS\system32\DRIVERS\GcKernel.sys
R3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel;C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys
S3 MOSUMAC;MosChip USB-Ethernet Driver;C:\WINDOWS\system32\DRIVERS\MOSUMAC.SYS
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys
S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 21:01:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-16 21:03:03 - machine was rebooted
.
--- E O F ---

Merci
JP
0
Réponse 11 / 19
LFPO26 Messages postés 23 Date d'inscription mercredi 14 novembre 2007 Statut Membre Dernière intervention 15 novembre 2018
17 nov. 2007 à 10:48
Salut !

J'ai remarqué que ce matin, après avoir effectuer cette manipulation hier soir, que Windows me dit qu'il manque ce fichier:

C:\WINDOWS\system32\wsfxfmsp.dll .

Que faire ?

Merci
JP
0
Réponse 12 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
17 nov. 2007 à 11:06
Salut

c'est normal pour le message d'erreur ! on fera le nettoyage à la fin !

Télécharge SDFix sur ton bureau

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !


++
0
Réponse 13 / 19
LFPO26 Messages postés 23 Date d'inscription mercredi 14 novembre 2007 Statut Membre Dernière intervention 15 novembre 2018
17 nov. 2007 à 21:31
Salut !

Voici le rapport de SDFix:


SDFix: Version 1.114

Run by Jean pierre on 17/11/2007 at 21:20

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 21:26:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\01\11-{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}-v1-{73F9FEF6-F07E-490C-96BD-D73DEE67B891}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1 557796 bytes hidden from API
C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2 39486 bytes hidden from API
C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.3 2748 bytes hidden from API
C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\airluxor320@hotmail.com\DFSR\Staging\CS{460E0F4A-E5C1-E334-EE4F-CE6EEF1025F4}\32\32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-{7A76E628-E47D-48F4-A50C-8D46BC996A3A}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 61840 bytes hidden from API
C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\manuel.vignoni@virgilio.it\DFSR\Staging\CS{51080CD5-6669-7EB9-0FF2-3378F2F86584}\01\10-{51080CD5-6669-7EB9-0FF2-3378F2F86584}-v1-{73F9FEF6-F07E-490C-96BD-D73DEE67B891}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\mfabbian@adhoc.net\DFSR\Staging\CS{801AE4CF-E416-D20D-CBC5-D258A8BD9178}\01\13-{801AE4CF-E416-D20D-CBC5-D258A8BD9178}-v1-{73F9FEF6-F07E-490C-96BD-D73DEE67B891}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Jean pierre\Local Settings\Application Data\Microsoft\Messenger\lfpo26@hotmail.com\SharingMetadata\mfabbian@adhoc.net\DFSR\Staging\CS{801AE4CF-E416-D20D-CBC5-D258A8BD9178}\12\12-{27B90C5D-9C34-4EB0-BFA4-2328F7FCD3BA}-v12-{27B90C5D-9C34-4EB0-BFA4-2328F7FCD3BA}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 952 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 8


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"="C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Call"
"F:\\Documents_JeanPierre\\Bearshare\\BearShare.exe"="F:\\Documents_JeanPierre\\Bearshare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Sun 19 Mar 2006 262,144 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"
Fri 20 Apr 2007 11,264 A..H. --- "C:\Program Files\MSN Messenger\VERSION.dll"
Fri 20 Apr 2007 10,752 A..H. --- "C:\Program Files\MSN Messenger\WINHTTP.dll"
Sat 7 Jul 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Finished!

Voici le rapport de HiJack:

Logfile of HijackThis v1.99.1
Scan saved at 21:30:26, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 9\LaunchList.exe
O4 - HKLM\..\Run: [182eef0d] rundll32.exe "C:\WINDOWS\system32\wsfxfmsp.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Merci
JP
0
Réponse 14 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
17 nov. 2007 à 23:34
re

ok, fais ce qui est indiqué ici stp :

http://www.commentcamarche.net/faq/sujet 3174 virus methode preliminaire de desinfection version fr

++
0
Réponse 15 / 19
LFPO26
19 nov. 2007 à 20:48
Salut !

AVG n'a trouvé aucun problème donc je ne poste pas son rapport.

Voici le rapport de BitDefender Online Scanner.

Time


01:19:33

Files


306939

Folders


7330

Boot Sectors


3

Archives


1714

Packed Files


10724







Results

Identified Viruses


16

Infected Files


34

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


34







Engines Info

Virus Definitions


878297

Engine build


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins


14

Archive plugins


38

Unpack plugins


7

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe


Infected with: Generic.Adw.SaveNow.89FD2E0C

C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe


Disinfection failed

C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe


Deleted

C:\Program Files\BearShare\Installer\saveinstwm.exe=>(CAB Sfx r)


Update failed

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir


Infected with: Trojan.Rootkit.Agent.EQ

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\iilcwumy.exe.vir


Infected with: Trojan.Fotomoto.F

C:\qoobox\Quarantine\C\WINDOWS\system32\iilcwumy.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\iilcwumy.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\jocpmwaw.dll.vir


Infected with: Trojan.Downloader.Conhook.BI

C:\qoobox\Quarantine\C\WINDOWS\system32\jocpmwaw.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\kliyvmuq.dll.vir


Infected with: Trojan.Downloader.Conhook.BI

C:\qoobox\Quarantine\C\WINDOWS\system32\kliyvmuq.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\mmcxnkcn.exe.vir


Infected with: Trojan.Fotomoto.F

C:\qoobox\Quarantine\C\WINDOWS\system32\mmcxnkcn.exe.vir


Disinfection failed

C:\qoobox\Quarantine\C\WINDOWS\system32\mmcxnkcn.exe.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\yiaelkqa.dll.vir


Infected with: Trojan.Downloader.Conhook.BI

C:\qoobox\Quarantine\C\WINDOWS\system32\yiaelkqa.dll.vir


Deleted

C:\qoobox\Quarantine\C\WINDOWS\system32\__c0073964.dat.vir


Infected with: Trojan.Downloader.Conhook.BI

C:\qoobox\Quarantine\C\WINDOWS\system32\__c0073964.dat.vir


Deleted

C:\qoobox\Quarantine\catchme2007-11-16_210105.73.zip=>__c001A4B5.dat


Infected with: Trojan.Downloader.Conhook.BI

C:\qoobox\Quarantine\catchme2007-11-16_210105.73.zip=>__c001A4B5.dat


Deleted

C:\qoobox\Quarantine\catchme2007-11-16_210105.73.zip


Updated

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071925.exe


Infected with: Trojan.Agent.AFSZ

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071925.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071925.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071935.exe


Infected with: Generic.Drop.Alpha.048A41F9

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071935.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071935.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071937.exe


Infected with: Generic.Dld.Alpha.D002DF65

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071937.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0071937.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072938.exe


Infected with: Generic.Dld.Alpha.D002DF65

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072938.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072938.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072951.exe


Infected with: Trojan.Generic.73901

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072951.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP179\A0072951.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074133.dll


Infected with: Generic.Malware.dld!!.26D1FA9F

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074133.dll


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074133.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074137.dll


Infected with: Generic.Otuboh.0B1FB7FF

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074137.dll


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074137.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074138.dll


Infected with: Generic.Otuboh.0B1FB7FF

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074138.dll


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074138.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074358.exe


Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074358.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074358.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074365.dll


Infected with: Generic.Otuboh.0B1FB7FF

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074365.dll


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074365.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074371.dll


Infected with: Trojan.BHO.NYO

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074371.dll


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074371.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074449.dll


Infected with: Generic.Otuboh.0B1FB7FF

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074449.dll


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074449.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)=>lzma_solid_nsis0002


Infected with: Trojan.Dropper.RGG

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)=>lzma_solid_nsis0002


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)=>lzma_solid_nsis0002


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074457.exe=>(NSIS o)


Update failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074459.exe


Infected with: Trojan.Generic.74920

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074459.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074459.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074461.dll


Infected with: Trojan.Downloader.Conhook.BI

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074461.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074463.exe


Infected with: Trojan.Agent.AWJ

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074463.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP180\A0074463.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074699.dll


Infected with: Trojan.Downloader.Conhook.BI

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074699.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074700.dll


Infected with: Trojan.Downloader.Conhook.BI

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074700.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074701.dll


Infected with: Trojan.Downloader.Conhook.BI

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074701.dll


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074704.sys


Infected with: Trojan.Rootkit.Agent.EQ

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074704.sys


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP181\A0074704.sys


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074826.exe


Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074826.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074826.exe


Deleted

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074828.exe


Infected with: Trojan.Fotomoto.F

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074828.exe


Disinfection failed

C:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP182\A0074828.exe


Deleted

F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe


Infected with: Generic.Adw.SaveNow.89FD2E0C

F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe


Disinfection failed

F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)=>VVSN.exe


Deleted

F:\Documents_JeanPierre\Bearshare\Installer\saveinstwm.exe=>(CAB Sfx r)


Update failed

F:\Documents_JeanPierre\Hijack\backups\backup-20071114-201155-112.dll


Infected with: Generic.Otuboh.0B1FB7FF

F:\Documents_JeanPierre\Hijack\backups\backup-20071114-201155-112.dll


Disinfection failed

F:\Documents_JeanPierre\Hijack\backups\backup-20071114-201155-112.dll


Deleted

F:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP184\A0075406.dll


Infected with: Generic.Otuboh.0B1FB7FF

F:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP184\A0075406.dll


Disinfection failed

F:\System Volume Information\_restore{902A8BF7-ADFC-4B6E-95A6-C6D69AC07879}\RP184\A0075406.dll


Deleted

Voici le rapport de HiJack:

Logfile of HijackThis v1.99.1
Scan saved at 20:43:58, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\notepad.exe
F:\Documents_JeanPierre\Hijack\WGAPluginInstall.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwlw32 - winwlw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Merci
JP
0
Réponse 16 / 19
LFPO26
21 nov. 2007 à 18:19
Salut !

Des nouvelles svp ?

Merci
JP
0
Réponse 17 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
21 nov. 2007 à 18:51
Salut

ok, vu où en sont tes soucis ??

++
0
Réponse 18 / 19
LFPO26
21 nov. 2007 à 21:45
Salut !

On dirait que ça va mieux pour l'instant.

Merci Beaucoup de ton aide très très très précieuse, Merci !

Merci
JP
0
Réponse 19 / 19
green day Messages postés 26371 Date d'inscription vendredi 30 septembre 2005 Statut Modérateur, Contributeur sécurité Dernière intervention 27 décembre 2019 2 162
21 nov. 2007 à 23:26
resalut

ok, une dernière vérif : poste un nouveau combo stp !

++
0

Discussions similaires

Comment désactiver le mode sécurisé de la Freebox POP.
Cycy -
munstef676 -

11 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Trojan alerte
Titou43 -
gen-hackman -

23 réponses
Probleme UPS livraison
luxipi -
dodo -

19 réponses
Windows defender: avertissement de sécurité
surfinia -
Tchoumi -

20 réponses