Virus data base

Résolu
NINIDUWEB Messages postés 451 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,

Quelqu'un peut t-il m'aider svp car mon pc rame et j'ai trouvéun virus data base mais je ne sais ? je vous joint un scan
--Logfile of HijackThis v1.99.1
Scan saved at 07:43:12, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\PasenDommagement\mc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" dm=http://pasendommagement.com; ad=http://pasendommagement.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Merci de votre aide à tous

NINI
Configuration: Windows XP
Internet Explorer 7.0

31 réponses

  • 1
  • 2
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut nini

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    0
  2. NINIDUWEB Messages postés 451 Statut Membre 3
     
    --ComboFix 07-11-19.4C - MAINE Nicole 2007-11-28 21:00:45.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.161 [GMT 1:00]
    Running from: C:\DOCUME~1\MAINEN~1\Bureau\combofix.exe
    * Created a new restore point
    .
    [i] ADS - svchost.exe: deleted 228 bytes in 1 streams. [/i]

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data.\salesmonitor

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NWSAPAGENT
    -------\nm
    -------\NwSapAgent

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-24 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 23:04 <REP> d-------- C:\Program Files\AIM6
    2007-11-20 19:22 <REP> d-------- C:\Program Files\D‚penses
    2007-11-19 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-11-16 11:34 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\Pegasys Inc
    2007-11-14 11:10 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\eBay
    2007-11-14 07:42 <REP> d-------- C:\Program Files\GamesBar
    2007-11-14 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2007-11-14 07:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
    2007-11-14 06:23 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\PasenDommagement
    2007-11-14 06:18 <REP> d-------- C:\Program Files\Fichiers communs\PasenDommagement
    2007-11-10 19:13 <REP> d-------- C:\Program Files\VirusGarde
    2007-11-10 19:13 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
    2007-11-07 12:16 <REP> d-------- C:\Documents and Settings\MAINE Jacques\Application Data\eBay
    2007-11-02 18:12 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\eBay
    2007-11-02 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
    2007-10-31 13:07 <REP> d-------- C:\Program Files\IncrediMail

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-28 20:08 --------- d-----w C:\Program Files\Wanadoo
    2007-11-28 17:44 --------- d-----w C:\Program Files\eMule
    2007-11-28 06:42 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-11-27 17:02 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\dvdcss
    2007-11-27 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2007-11-24 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 07:49 --------- d-----w C:\Program Files\Dépenses
    2007-11-22 19:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-21 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-14 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-13 14:10 59,704 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-03 21:20 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\Vso
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-24 09:45 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\dvdcss
    2007-10-24 09:41 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\vlc
    2007-10-21 10:31 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-21 10:31 --------- d-----w C:\Program Files\Ahead
    2007-10-20 20:17 --------- d-----w C:\Program Files\palmOne
    2007-10-20 20:17 --------- d-----w C:\Program Files\Navilog1
    2007-10-14 17:39 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-10-13 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-10-08 15:29 --------- d-----w C:\Program Files\BoontyGames
    2007-10-08 13:21 --------- d-----w C:\Program Files\eBay
    2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2007-10-05 07:18 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
    2007-10-05 07:16 --------- d-----w C:\Program Files\Boonty
    2007-05-18 17:26 81,920 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\ezpinst.exe
    2007-05-18 17:26 47,360 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\pcouffin.sys
    2006-09-22 17:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-05-24 19:35 2,657,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-05-24 19:35 20,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
    2007-06-19 16:09 380928 --a------ C:\Program Files\GamesBar\oberontb.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"= C:\Program Files\GamesBar\oberontb.dll [2007-06-19 16:09 380928]

    [HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
    [HKEY_CLASSES_ROOT\Oberontb.Band.1]
    [HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
    [HKEY_CLASSES_ROOT\Oberontb.Band]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02]
    "PasenDommagement"="C:\Program Files\PasenDommagement\GDC.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 15:20]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 11:28]
    "HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 05:53]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
    "HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 05:43]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-08 06:41]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-08 06:36]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "Install5G"="E:\Install.exe" []
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-11-02 16:22]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "NI.UGA6PV_0001_N122M2910"="C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 2.0.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.0.lnk
    backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
    S3 ASIOMI;ASIOMI;\??\C:\WINDOWS\system32\drivers\ASIOMI.sys
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
    S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
    S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
    S3 ids0015d;ids0015d;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
    S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-28 17:18:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
    - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
    "2007-11-23 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2006-09-07 07:37:11 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-28 21:07:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-28 21:09:45 - machine was rebooted
    .
    --- E O F ---
    Bonsoir Voici le scan merci

    NINI
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut nini,

    on continu :

    Téléchargez ceci (de gchris) : http://komun.chez-alice.fr/Repertoire/Utilitaires.Desinfection.html
    Dézippez-le sur votre bureau (clic droit -> extraire tout).
    Vérifiez que vous êtes bien connecté à internet.
    Dans le dossier créé, double-cliquez sur le fichier "Ad-Fix.bat" ou "Ad-fix"
    Choisissez l'option 1.
    Si vous avez un message de votre pare-feu qui vous demande si vous voulez autoriser le fichier URL2FILE.EXE à
    se connecter à Internet, Autorisez, c'est nécessaire à ad-fix pour vérifier la version.
    Quand c'est finit (cela peut prendre plusieurs minutes), un rapport s'ouvre avec le bloc-notes.
    Merci de faire un copier/coller ici du contenu du rapport (Ad-Fix.txt)

    @+
    0
  4. niniduweb
     
    Bonjour,

    j'ai téléchargé comme dit mais il y a un petit souci voici ce qu'il me marque
    avez vous une idée ? J'ai téléchargé de nouveau mais pareil
    Merci @

    md5sum.exe Manquant ! -- Téléchargez de nouveau Ad-Fix.zip
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut nini:

    post un nouveau hijack this stp

    @+
    0
  7. NINIDUWEB Messages postés 451 Statut Membre 3
     
    Logfile of HijackThis v1.99.1
    Scan saved at 20:09:34, on 03/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon06.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
    O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    Bonsoir, j'ai un peu de retard merci de ton aide
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut nini

    Copie le texte ci-dessous :

    File::
    C:\Program Files\GamesBar\oberontb.dll
    C:\Program Files\PasenDommagement\GDC.exe
    C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    Folder::
    C:\Program Files\GamesBar
    C:\Program Files\PasenDommagement
    C:\Program Files\Fichiers communs\BOONTY Shared

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"=-
    [-HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
    [-HKEY_CLASSES_ROOT\Oberontb.Band.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
    [-HKEY_CLASSES_ROOT\Oberontb.Band]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PasenDommagement"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    puis coche et fix ceci avec hijacjk this

    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    comment fixer :

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    puis cilick sur demarrer et execute > dans la case de dialogue tape ceci >services.msc puis valid par ok
    dans la fenetre des services arrete ce service si il ne l´est deja :

    Boonty Games - BOONTY

    puis fais analyser ces deux fichiers :

    C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
    E:\Install.exe

    sur ce site :

    http://virusscan.jotti.org/de/

    et post les rapports ici

    @+
    0
  9. NINIDUWEB Messages postés 451 Statut Membre 3
     
    The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

    ogfile of HijackThis v1.99.1
    Scan saved at 20:58:32, on 04/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon06.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
    O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.ex

    Bonsoir j'ai fait comme tu ma dit j'espère n'avoir rien oublié merci encore pour ton aide
    NINI
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut nin

    peux envoyer le combofix.txt2 stp
    0
  11. NINIDUWEB Messages postés 451 Statut Membre 3
     
    ComboFix 07-11-19.4C - MAINE Nicole 2007-12-04 19:55:54.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.153 [GMT 1:00]
    Running from: C:\Documents and Settings\MAINE Nicole\Bureau\combofix.exe
    Command switches used :: C:\Documents and Settings\MAINE Nicole\Bureau\CFScript.txt..txt
    * Created a new restore point

    FILE
    C:\Program Files\GamesBar\oberontb.dll
    C:\Program Files\PasenDommagement\GDC.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\GamesBar
    C:\Program Files\GamesBar\Localization-French.ini
    C:\Program Files\GamesBar\oberontb.dll
    C:\Program Files\GamesBar\OBGet.exe
    C:\Program Files\GamesBar\uninst.exe

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-24 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 23:04 <REP> d-------- C:\Program Files\AIM6
    2007-11-20 19:22 <REP> d-------- C:\Program Files\D‚penses
    2007-11-19 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-11-16 11:34 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\Pegasys Inc
    2007-11-14 11:10 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\eBay
    2007-11-14 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2007-11-14 07:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
    2007-11-14 06:23 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\PasenDommagement
    2007-11-14 06:18 <REP> d-------- C:\Program Files\Fichiers communs\PasenDommagement
    2007-11-10 19:13 <REP> d-------- C:\Program Files\VirusGarde
    2007-11-10 19:13 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
    2007-11-07 12:16 <REP> d-------- C:\Documents and Settings\MAINE Jacques\Application Data\eBay

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-04 19:02 --------- d-----w C:\Program Files\Wanadoo
    2007-12-04 17:20 --------- d-----w C:\Program Files\BarreConfCMCIC
    2007-12-04 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-04 12:18 --------- d-----w C:\Program Files\eMule
    2007-12-03 19:09 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-12-03 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2007-12-01 18:30 --------- d-----w C:\Program Files\Navilog1
    2007-11-27 17:02 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\dvdcss
    2007-11-24 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-24 07:49 --------- d-----w C:\Program Files\Dépenses
    2007-11-21 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-14 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-13 14:10 59,704 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-03 21:20 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\Vso
    2007-11-02 17:12 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\eBay
    2007-11-02 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
    2007-10-31 12:07 --------- d-----w C:\Program Files\IncrediMail
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-24 09:45 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\dvdcss
    2007-10-24 09:41 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\vlc
    2007-10-21 10:31 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-21 10:31 --------- d-----w C:\Program Files\Ahead
    2007-10-20 20:17 --------- d-----w C:\Program Files\palmOne
    2007-10-14 17:39 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-10-13 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-10-08 15:29 --------- d-----w C:\Program Files\BoontyGames
    2007-10-08 13:21 --------- d-----w C:\Program Files\eBay
    2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2007-10-05 07:18 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
    2007-10-05 07:16 --------- d-----w C:\Program Files\Boonty
    2007-05-18 17:26 81,920 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\ezpinst.exe
    2007-05-18 17:26 47,360 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\pcouffin.sys
    2006-09-22 17:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-05-24 19:35 2,657,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-05-24 19:35 20,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-28_21.08.46.84 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-04 19:01:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f8.dat
    + 2007-12-04 19:02:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c64.dat
    - 1999-12-17 08:13:04 86,016 ----a-w C:\WINDOWS\unvise32.exe
    + 1999-12-17 09:13:04 86,016 ----a-w C:\WINDOWS\unvise32.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02]
    "PasenDommagement"="C:\Program Files\PasenDommagement\GDC.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 15:20]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 11:28]
    "HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 05:53]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
    "HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 05:43]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-08 06:41]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-08 06:36]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "Install5G"="E:\Install.exe" []
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-11-02 16:22]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "NI.UGA6PV_0001_N122M2910"="C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 2.0.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.0.lnk
    backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
    S3 ASIOMI;ASIOMI;\??\C:\WINDOWS\system32\drivers\ASIOMI.sys
    S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
    S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
    S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
    S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
    S3 ids0015d;ids0015d;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
    S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-04 17:18:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
    - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
    "2007-11-30 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2006-09-07 07:37:11 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-04 20:02:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-04 20:04:55 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-28 21:09
    .
    --- E O F ---
    Bonjour Je suis matinale voici le rapport Merci @+ et bonne Journée
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    bonjour nini,

    a l´aide de hijack this coche et fix les lignes ci dessous :

    O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
    O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
    O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

    comment fixer :

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    click sur demarrer > execute > dans la boite de dialogue tape ceci > services.msc e t valide par ok
    dans la fenetre des services arrete ce service :
    France Telecom Routing Table Service (FTRTSVC)

    par le panneau de configuration>ajout et suppression de programme supprime ce programme : PasenDommagement

    on est bien d´accord tu utilise canal play?

    puis

    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\System32\shdocvw.dll
    C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe
    E:\Install.exe
    C:\WINDOWS\System32\FTRTSVC.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Install5G"=-
    "NI.UGA6PV_0001_N122M2910"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt3 accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    @+
    0
  13. NINIDUWEB Messages postés 451 Statut Membre 3
     
    --Logfile of HijackThis v1.99.1
    Scan saved at 17:25:01, on 05/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\apps\ABoard\ABoard.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon06.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
    O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
    O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
    O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    ComboFix 07-12-02.6 - MAINE Nicole 2007-12-05 17:17:29.4 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.113 [GMT 1:00]
    Running from: C:\Documents and Settings\MAINE Nicole\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-24 23:06 . 2007-11-24 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2007-11-24 23:04 . 2007-11-24 23:05 <REP> d-------- C:\Program Files\AIM6
    2007-11-24 23:02 . 2007-11-24 23:05 986 --ah----- C:\IPH.PH
    2007-11-20 19:22 . 2007-11-24 08:49 <REP> d-------- C:\Program Files\Dépenses
    2007-11-19 17:37 . 2007-11-19 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2007-11-16 11:34 . 2007-11-16 11:34 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\Pegasys Inc
    2007-11-16 11:09 . 2007-11-16 11:09 <REP> d-------- C:\Documents and Settings\MAINE Séverine\Application Data\eBay
    2007-11-14 12:47 . 2007-11-14 12:47 1,393 --a------ C:\WINDOWS\imsins.BAK
    2007-11-14 11:10 . 2007-11-14 11:10 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\eBay
    2007-11-14 07:42 . 2007-11-14 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
    2007-11-14 07:42 . 2007-12-04 18:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
    2007-11-14 06:23 . 2007-11-14 06:23 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\PasenDommagement
    2007-11-10 19:13 . 2007-11-10 19:19 <REP> d-------- C:\Program Files\VirusGarde
    2007-11-10 19:13 . 2007-11-10 19:19 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
    2007-11-08 19:36 . 2007-11-08 19:36 <REP> d--hs---- C:\WINDOWS\ftpcache
    2007-11-07 12:16 . 2007-11-07 12:16 <REP> d-------- C:\Documents and Settings\MAINE Jacques\Application Data\eBay

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-05 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
    2007-12-05 15:29 --------- d-----w C:\Program Files\Hijackthis Version Française
    2007-12-05 15:08 --------- d-----w C:\Program Files\Wanadoo
    2007-12-05 08:51 --------- d-----w C:\Program Files\eMule
    2007-12-04 19:40 --------- d-----w C:\Program Files\Navilog1
    2007-12-04 17:20 --------- d-----w C:\Program Files\BarreConfCMCIC
    2007-12-04 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-27 17:02 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\dvdcss
    2007-11-24 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-21 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-14 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-13 14:10 59,704 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-03 21:20 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\Vso
    2007-11-02 17:12 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\eBay
    2007-11-02 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
    2007-10-31 12:07 --------- d-----w C:\Program Files\IncrediMail
    2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-10-24 09:45 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\dvdcss
    2007-10-24 09:41 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\vlc
    2007-10-21 10:31 --------- d-----w C:\Program Files\Fichiers communs\Ahead
    2007-10-21 10:31 --------- d-----w C:\Program Files\Ahead
    2007-10-20 20:17 --------- d-----w C:\Program Files\palmOne
    2007-10-14 17:39 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-10-13 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-10-08 15:29 --------- d-----w C:\Program Files\BoontyGames
    2007-10-08 13:21 --------- d-----w C:\Program Files\eBay
    2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
    2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
    2007-10-05 07:18 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
    2007-10-05 07:16 --------- d-----w C:\Program Files\Boonty
    2007-05-24 19:38 46,722 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_24_21_33_50_small.dmp.zip
    2007-05-24 19:32 46,137 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_24_21_30_27_small.dmp.zip
    2007-05-24 09:50 46,323 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_24_11_03_42_small.dmp.zip
    2007-05-24 08:51 70,197 ----a-w C:\WINDOWS\Internet Logs\UpdClient_2nd_2007_05_23_20_50_57_small.dmp.zip
    2007-05-24 08:51 69,569 ----a-w C:\WINDOWS\Internet Logs\UpdClient_2nd_2007_05_23_20_45_48_small.dmp.zip
    2007-05-18 17:26 81,920 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\ezpinst.exe
    2007-05-18 17:26 47,360 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\pcouffin.sys
    2006-09-22 17:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-05-24 19:35 2,657,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-05-24 19:35 20,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10]
    "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 15:20]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
    "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 11:28]
    "HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 05:53]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
    "HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 05:43]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-08 06:41]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-08 06:36]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
    "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-11-02 16:22]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 2.0.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.0.lnk
    backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AOL ACS"=2 (0x2)

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
    R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
    R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
    S3 ASIOMI;ASIOMI;\??\C:\WINDOWS\system32\drivers\ASIOMI.sys
    S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
    S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
    S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
    S3 ids0015d;ids0015d;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
    S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys
    S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-05 13:18:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
    - C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
    "2007-11-30 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
    "2006-09-07 07:37:11 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
    - C:\WINDOWS\System32\OOBE\oobebaln.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-05 17:21:48
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-05 17:23:14
    C:\ComboFix2.txt ... 2007-12-05 17:12
    C:\ComboFix3.txt ... 2007-12-04 20:04
    .
    --- E O F ---

    Bonsoir on ne se quitte plus voici les rapports, j'espère que cela suffira à trouver le virus data Merci encore
    @+


    NINI
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    tu m´as pas dis si tu utilisais canal play?

    @+
    0
  15. NINIDUWEB Messages postés 451 Statut Membre 3
     
    Re
    Oui de temps en temps canlal paly appartient à canla plus
    --@+

    NINI
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    bon tres bien,

    regarde ceci concernant avast :

    Antivir vs Avast :

    ->http://forum.malekal.com/ftopic3528.php

    alors desinstal avast et instal antivir :

    Désinstalleur Avast:
    https://www.avast.com/fr-fr/uninstall-utility

    Telecharge et instal l'antivirus Antivir Personal Edition Classic :

    ->https://www.malekal.com/avira-free-security-antivirus-gratuit/

    http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...

    puis redemarre en mode sans echec et effectue un scan complet de ta machine

    Comment redémarrer en mode sans echec?

    Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
    Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
    Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
    Ps : si F8 ne marche pas utilise la touche F5.

    une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
    puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
    toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

    post le rapport d´antivir dans ta prochaine réponse

    @+
    0
  17. NINIDUWEB Messages postés 451 Statut Membre 3
     
    --

    AntiVir PersonalEdition Classic
    Report file date: mercredi 5 décembre 2007 20:58

    Scanning for 835736 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: SN402464340003

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
    ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
    ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
    AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 5 décembre 2007 20:58

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'IncMail.exe' - '1' Module(s) have been scanned
    Scan process 'WOOBrowser.exe' - '1' Module(s) have been scanned
    Scan process 'Watch.exe' - '1' Module(s) have been scanned
    Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
    Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
    Scan process 'Toaster.exe' - '1' Module(s) have been scanned
    Scan process 'ComComp.exe' - '1' Module(s) have been scanned
    Scan process 'ImApp.exe' - '1' Module(s) have been scanned
    Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'eBayTBDaemon.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'hphmon06.exe' - '1' Module(s) have been scanned
    Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
    Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb11.exe' - '1' Module(s) have been scanned
    Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
    Scan process 'PCMService.exe' - '1' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    45 processes with 45 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0083
    Master boot sector HD1
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD2
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD3
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD4
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015
    Master boot sector HD5
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '64' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HDD>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: mercredi 5 décembre 2007 21:42
    Used time: 43:37 min

    The scan has been done completely.

    6603 Scanning directories
    306415 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    306415 Files not concerned
    7055 Archives were scanned
    2 Warnings
    7 Notes

    Voici le rapport Merci et bonne nuit

    NINI
    0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    tu as encore des soucis?
    0
  19. NINIDUWEB Messages postés 451 Statut Membre 3
     
    --C'est lr rapport du nouveau AntVir Personal que tu m'a demandé de faire pour savoir si tout est ok maintenant
    Merci

    NINI
    0
  20. g!rly Messages postés 18462 Statut Contributeur 407
     
    oui je voie, comment va ton pc maintenant?
    0
  21. NINIDUWEB Messages postés 451 Statut Membre 3
     
    --Pour l'instant ça va j'espère que le virus data est bien parti merci encore de votre aide
    Quand même dans le rapport j'ai vu qu'il y avait 2 avertissements ? avez vous une idée

    NINI
    0
  • 1
  • 2