Toolbar

Dan -  
g!rly Posts: 18462 Status: Contributor -
Hello everyone,

I have a problem with the toolbar, where "remove popups, scan spyware, security test and spam protection" have appeared. How do I remove them?

Thanks in advance for your help,

Below is the HijackThis report, if needed

Logfile of HijackThis v1.99.1
Scan saved at 18:14:51, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\DBR115\DB2\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\system32\WgaTray.exe
I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\WINDOWS\system32\DBR115\DB1\services.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\Lexmark 1200 Series\lxczbmon.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
I:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - I:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: MSVPS System - {74C44274-2A2D-4A99-B00B-CCA3912349F3} - I:\WINDOWS\vipextpxm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - I:\WINDOWS\voipwet.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] I:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows] cds.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.15] I:\WINDOWS\system32\DBR115\DB1\services.exe
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.11] cds.dll
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.12] cds.dll
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.14] cds.dll
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\WINDOWS\zonecl.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download Video - http://usd.lucretius-ada.com/zcvisitor/99029452-482e-11ea-9ff8-122444ade89f?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: jetctrl - {A000004A-52AF-4A66-9E3F-90188EA34683} - (no file)
O21 - SSODL: kopmet - {E299896C-32A3-4762-9D27-9EDF5C7B56D1} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Support du transport PPPoE (PPPoESupport) - Unknown owner - I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - I:\Program Files\Inventel\Gateway\wlancfg.exe
19 replies

g!rly Posts: 18462 Status: Contributor 406
 
Hi Dan,

Download SmitfraudFix:

In pictures:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

Double-click smitfraudfix.cmd and choose option 1;
this will generate a report.

Please copy/paste the report on the forum.
0
Dan
 
G!rly, good evening

Thanks for your help,

The report is below,

See you,

SmitFraudFix v2.257

Rapport fait à 20:59:33,09, 04/12/2007
Executé à partir de I:\Documents and Settings\Hamel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\DBR115\DB2\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\WINDOWS\system32\WgaTray.exe
I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\WINDOWS\system32\DBR115\DB1\services.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\Lexmark 1200 Series\lxczbmon.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
I:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» I:\

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS

I:\WINDOWS\nretcip.exe PRESENT !
I:\WINDOWS\voipwet.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\Hamel

»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\Hamel\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» I:\DOCUME~1\Hamel\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» I:\Program Files

I:\Program Files\RichVideoCodec\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: 802.11 USB Wireless LAN Adapter #3 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: 802.11 USB Wireless LAN Adapter #3 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{316B1B79-7006-4945-A9CA-453E90265D73}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{492D669D-749D-4A33-97DC-48FEA96A6B83}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C62A321B-25C6-416E-8105-396D03A9CA86}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{316B1B79-7006-4945-A9CA-453E90265D73}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{492D669D-749D-4A33-97DC-48FEA96A6B83}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C62A321B-25C6-416E-8105-396D03A9CA86}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{316B1B79-7006-4945-A9CA-453E90265D73}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{492D669D-749D-4A33-97DC-48FEA96A6B83}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C62A321B-25C6-416E-8105-396D03A9CA86}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi again,

Restart the PC in safe mode: tap the F8 key on your keyboard (or F5) as soon as it starts booting and choose safe mode.

- Open the "SmitfraudFix" folder and double-click "Smitfraudfix.cmd", choose option 2 and answer yes to everything.

Save the report, then please copy/paste it on the forum.

And please post a new HijackThis log as well.

See you,
0
Dan
 
Here are the two reports:

SmitFraudFix v2.257

Rapport fait à 4:00:11,75, 05/12/2007
Executé à partir de I:\Documents and Settings\Hamel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

I:\WINDOWS\nretcip.exe supprimé
I:\Program Files\RichVideoCodec\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{316B1B79-7006-4945-A9CA-453E90265D73}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{492D669D-749D-4A33-97DC-48FEA96A6B83}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C62A321B-25C6-416E-8105-396D03A9CA86}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{316B1B79-7006-4945-A9CA-453E90265D73}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{492D669D-749D-4A33-97DC-48FEA96A6B83}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C62A321B-25C6-416E-8105-396D03A9CA86}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{316B1B79-7006-4945-A9CA-453E90265D73}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{492D669D-749D-4A33-97DC-48FEA96A6B83}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{C62A321B-25C6-416E-8105-396D03A9CA86}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

I:\WINDOWS\voipwet.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Logfile of HijackThis v1.99.1
Scan saved at 04:08:41, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\DBR115\DB2\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\WINDOWS\system32\DBR115\DB1\services.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
I:\Program Files\Lexmark 1200 Series\lxczbmon.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
I:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - I:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: MSVPS System - {74C44274-2A2D-4A99-B00B-CCA3912349F3} - I:\WINDOWS\vipextpxm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - I:\WINDOWS\voipwet.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] I:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows] cds.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.15] I:\WINDOWS\system32\DBR115\DB1\services.exe
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.11] cds.dll
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.12] cds.dll
O4 - HKLM\..\Run: [Centre de Sécurité Windows 1.14] cds.dll
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\WINDOWS\zonecl.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download Video - http://usd.lucretius-ada.com/zcvisitor/99029452-482e-11ea-9ff8-122444ade89f?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Support du transport PPPoE (PPPoESupport) - Unknown owner - I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - I:\Program Files\Inventel\Gateway\wlancfg.exe

See you,
0

g!rly Posts: 18462 Status: Contributor 406
 
Hi Dan,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

See you,
0
Dan
 
G!rly, hello

Below is the requested report:

ComboFix 07-12-02.6 - Hamel 2007-12-05 17:28:53.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.873 [GMT 1:00]
Running from: I:\Documents and Settings\Hamel\Bureau\ComboFix.exe
* Created a new restore point
.
ADS - system32: deleted 72178 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\WINDOWS\dat.txt
I:\WINDOWS\rs.txt
I:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.

2007-12-04 20:59 . 2007-09-05 23:22 289,144 --a------ I:\WINDOWS\system32\VCCLSID.exe
2007-12-04 20:59 . 2006-04-27 16:49 288,417 --a------ I:\WINDOWS\system32\SrchSTS.exe
2007-12-04 20:59 . 2003-06-05 20:13 53,248 --a------ I:\WINDOWS\system32\Process.exe
2007-12-04 20:59 . 2004-07-31 17:50 51,200 --a------ I:\WINDOWS\system32\dumphive.exe
2007-12-04 20:59 . 2007-10-03 23:36 25,600 --a------ I:\WINDOWS\system32\WS2Fix.exe
2007-12-04 20:59 . 2007-12-05 04:00 3,390 --a------ I:\WINDOWS\system32\tmp.reg
2007-12-04 13:18 . 2007-12-04 13:19 <REP> d-------- I:\Program Files\4Musics Multiformat Converter
2007-12-04 13:18 . 2001-03-17 21:34 22,528 --a------ I:\WINDOWS\system32\WNASPI32.DLL
2007-12-04 13:18 . 2002-07-17 09:05 16,512 --a------ I:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-04 12:42 . 2007-12-04 12:42 <REP> d-------- I:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-04 12:41 . 2007-12-04 12:41 <REP> d-------- I:\Program Files\Fichiers communs\AVSMedia
2007-12-04 12:41 . 2007-12-04 12:41 <REP> d-------- I:\Program Files\AVS4YOU
2007-12-04 12:41 . 2002-01-05 15:40 487,424 --a------ I:\WINDOWS\system32\msvcp70.dll
2007-12-04 12:41 . 2002-01-05 03:37 344,064 --a------ I:\WINDOWS\system32\msvcr70.dll
2007-12-04 12:41 . 2003-05-21 13:50 24,576 --a------ I:\WINDOWS\system32\msxml3a.dll
2007-12-03 18:19 . 2007-12-03 10:30 249,856 --a------ I:\WINDOWS\vipextpxm.dll
2007-12-02 17:31 . 2007-12-02 17:31 69,632 --a------ I:\WINDOWS\system32\securitycenter_11966130712660.exe
2007-11-23 17:49 . 2007-11-23 17:49 180,224 --a------ I:\WINDOWS\system32\securitycenter_11958365979327.exe
2007-11-14 20:18 . 2007-11-14 20:18 180,224 --a------ I:\WINDOWS\system32\securitycenter_11950679164329.exe
2007-11-14 18:38 . 2007-11-14 18:38 180,224 --a------ I:\WINDOWS\system32\securitycenter_11950618878188.exe
2007-11-13 19:14 . 2007-11-13 19:14 180,224 --a------ I:\WINDOWS\system32\securitycenter_11949776839762.exe
2007-11-13 19:09 . 2007-11-13 19:09 180,224 --a------ I:\WINDOWS\system32\securitycenter_11949773718919.exe
2007-11-12 20:09 . 2007-11-12 20:09 180,224 --a------ I:\WINDOWS\system32\securitycenter_11948945963302.exe
2007-11-12 19:48 . 2007-11-12 19:48 180,224 --a------ I:\WINDOWS\system32\securitycenter_11948932934086.exe
2007-11-11 13:10 . 2007-11-11 13:10 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947830501315.exe
2007-11-11 12:58 . 2007-11-11 12:58 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947822877875.exe
2007-11-11 12:47 . 2007-11-11 12:47 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947816745921.exe
2007-11-11 12:38 . 2007-11-11 12:38 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947811165955.exe
2007-11-11 12:32 . 2007-11-11 12:32 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947807616628.exe
2007-11-11 12:18 . 2007-11-11 12:18 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947798958170.exe
2007-11-11 10:54 . 2007-11-11 10:54 45,056 --a------ I:\WINDOWS\system32\securitycenter_11947748519650.exe
2007-11-11 10:25 . 2007-11-11 10:25 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947731373238.exe
2007-11-10 20:28 . 2007-11-10 20:28 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947229082460.exe
2007-11-10 19:59 . 2007-11-10 19:59 180,224 --a------ I:\WINDOWS\system32\securitycenter_11947211973855.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 16:26 --------- d-----w I:\Program Files\Wanadoo
2007-12-05 03:08 --------- d-----w I:\Program Files\Hijackthis Version Française
2007-12-03 17:56 --------- d--h--w I:\Program Files\InstallShield Installation Information
2007-12-03 17:55 --------- d-----w I:\Program Files\XviD
2007-12-03 17:55 --------- d-----w I:\Program Files\DibaNet
2007-12-03 16:34 --------- d-----w I:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-02 05:38 --------- d-----w I:\Program Files\eMule
2007-11-04 19:41 --------- d-----w I:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-04 18:38 180,224 ----a-w I:\WINDOWS\system32\securitycenter_11942015103981.exe
2007-11-04 18:06 180,224 ----a-w I:\WINDOWS\system32\securitycenter_11941995819176.exe
2007-11-04 12:42 94,208 ----a-w I:\WINDOWS\system32\securitycenter_11941801212199.exe
2007-11-04 12:40 180,224 ----a-w I:\WINDOWS\system32\securitycenter_11941800472675.exe
2007-11-04 03:42 94,208 ----a-w I:\WINDOWS\system32\securitycenter_11941477436627.exe
2007-11-04 03:39 94,208 ----a-w I:\WINDOWS\system32\securitycenter_11941475827786.exe
2007-10-25 16:23 --------- d-----w I:\Program Files\FLV Player
2007-10-19 11:36 69,632 ----a-w I:\WINDOWS\system32\securitycenter_11927937935184.exe
2007-10-15 16:25 19,766 ----a-w I:\WINDOWS\system32\securitycenter_11924655469235.exe
2007-10-15 15:54 19,766 ----a-w I:\WINDOWS\system32\securitycenter_11924636869559.exe
2007-10-15 15:51 19,766 ----a-w I:\WINDOWS\system32\securitycenter_11924634907152.exe
2007-10-14 18:33 18,195 ----a-w I:\WINDOWS\system32\securitycenter_11923868333880.exe
2007-10-14 18:12 18,265 ----a-w I:\WINDOWS\system32\securitycenter_11923855214181.exe
2007-10-14 18:08 18,265 ----a-w I:\WINDOWS\system32\securitycenter_11923853277760.exe
2007-10-08 15:32 180,224 ----a-w I:\WINDOWS\system32\securitycenter_11918575749008.exe
2007-10-07 08:21 --------- d-----w I:\Program Files\Pro100Demo
2007-10-06 01:47 45,056 ----a-w I:\WINDOWS\system32\securitycenter_11916352504290.exe
2007-10-06 01:18 180,224 ----a-w I:\WINDOWS\system32\securitycenter_11916335157905.exe
2007-10-06 01:15 180,224 ----a-w I:\WINDOWS\system32\securitycenter_11916333391832.exe
2007-10-04 16:41 180,224 ----a-w I:\WINDOWS\system32\securitycenter_11915161141576.exe
2007-10-03 16:10 45,056 ----a-w I:\WINDOWS\system32\securitycenter_11914278579799.exe
2007-09-13 16:19 45,056 ----a-w I:\WINDOWS\system32\securitycenter_11897003569819.exe
2007-09-13 16:18 45,056 ----a-w I:\WINDOWS\system32\securitycenter_11897003083657.exe
2007-09-06 10:09 801,144 ----a-w I:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w I:\WINDOWS\system32\AVASTSS.scr
2007-09-05 17:22 32,768 ----a-w I:\WINDOWS\system32\securitycenter_11890129561270.exe
2007-06-20 12:41 1,724,416 ----a-w I:\Documents and Settings\Hamel\tmp_115.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_9_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_8_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_7_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_6_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_5_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_4_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_3_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_25_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_24_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_23_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_22_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_21_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_20_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_2_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_19_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_18_1176676227.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_17_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_16_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_15_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_14_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_13_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_12_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_11_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_10_1176676226.exe
2007-04-15 22:30 18,862 ----a-w I:\Documents and Settings\Hamel\OK_1_1176676225.exe
2007-03-10 09:02 278,528 ----a-w I:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74C44274-2A2D-4A99-B00B-CCA3912349F3}]
2007-12-03 10:30 249856 --a------ I:\WINDOWS\vipextpxm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0687766B-F048-43D1-B33B-DBE6FE9AE712}"= I:\WINDOWS\voipwet.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{0687766b-f048-43d1-b33b-dbe6fe9ae712}]
[HKEY_CLASSES_ROOT\voipwet.ToolBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CF026274-F586-4940-86BD-065139E90B5C}]
[HKEY_CLASSES_ROOT\voipwet.ToolBar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 11:35]
"WOOKIT"="I:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 22:12 I:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 I:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 I:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 I:\WINDOWS\system32\rundll32.exe]
"NeroCheck"="I:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50]
"WOOWATCH"="I:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="I:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"Lexmark 1200 Series"="I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 08:10]
"Adobe Photo Downloader"="I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33]
"Centre de Sécurité Windows"="cds.dll" []
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"Centre de Sécurité Windows 1.15"="I:\WINDOWS\system32\DBR115\DB1\services.exe" [2007-06-20 13:41]
"Centre de Sécurité Windows 1.11"="cds.dll" []
"Centre de Sécurité Windows 1.12"="cds.dll" []
"Centre de Sécurité Windows 1.14"="cds.dll" []
"avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Zone Labs Client"="C:\WINDOWS\zonecl.exe" []

I:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Outil de mise à jour Google.lnk - I:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-27 14:03:24]

R0 viamraid;viamraid;I:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;I:\WINDOWS\system32\DRIVERS\videX32.sys
R2 PPPoESupport;Support du transport PPPoE;"I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;I:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\I:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 Boonty Games;Boonty Games;"I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 ovt530;Webcam Classic;I:\WINDOWS\system32\Drivers\ov530vid.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\G:\NTGLM7X.sys
S3 usbscan;Pilote de scanneur USB;I:\WINDOWS\system32\DRIVERS\usbscan.sys

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3100970B-5B44-706C-2ABF-A00315A1F060}]
I:\WINDOWS\system32:iexplore.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 17:30:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 17:30:32
.
--- E O F ---
See you later, and thanks again for your help
g!rly
 
Hi again,

Copy the text below:

File::
I:\WINDOWS\system32\securitycenter_11966130712660.exe
I:\WINDOWS\system32\securitycenter_11958365979327.exe
I:\WINDOWS\system32\securitycenter_11950679164329.exe
I:\WINDOWS\system32\securitycenter_11950618878188.exe
I:\WINDOWS\system32\securitycenter_11949776839762.exe
I:\WINDOWS\system32\securitycenter_11949773718919.exe
I:\WINDOWS\system32\securitycenter_11948945963302.exe
I:\WINDOWS\system32\securitycenter_11948932934086.exe
I:\WINDOWS\system32\securitycenter_11947830501315.exe
I:\WINDOWS\system32\securitycenter_11947822877875.exe
I:\WINDOWS\system32\securitycenter_11947816745921.exe
I:\WINDOWS\system32\securitycenter_11947811165955.exe
I:\WINDOWS\system32\securitycenter_11947807616628.exe
I:\WINDOWS\system32\securitycenter_11947798958170.exe
I:\WINDOWS\system32\securitycenter_11947748519650.exe
I:\WINDOWS\system32\securitycenter_11947731373238.exe
I:\WINDOWS\system32\securitycenter_11947229082460.exe
I:\WINDOWS\system32\securitycenter_11947211973855.exe
I:\WINDOWS\system32\securitycenter_11942015103981.exe
I:\WINDOWS\system32\securitycenter_11941995819176.exe
I:\WINDOWS\system32\securitycenter_11941801212199.exe
I:\WINDOWS\system32\securitycenter_11941800472675.exe
I:\WINDOWS\system32\securitycenter_11941477436627.exe
I:\WINDOWS\system32\securitycenter_11941475827786.exe
I:\WINDOWS\system32\securitycenter_11927937935184.exe
I:\WINDOWS\system32\securitycenter_11924655469235.exe
I:\WINDOWS\system32\securitycenter_11924636869559.exe
I:\WINDOWS\system32\securitycenter_11924634907152.exe
I:\WINDOWS\system32\securitycenter_11923868333880.exe
I:\WINDOWS\system32\securitycenter_11923855214181.exe
I:\WINDOWS\system32\securitycenter_11923853277760.exe
I:\WINDOWS\system32\securitycenter_11918575749008.exe
I:\WINDOWS\system32\securitycenter_11916352504290.exe
I:\WINDOWS\system32\securitycenter_11916335157905.exe
I:\WINDOWS\system32\securitycenter_11916333391832.exe
I:\WINDOWS\system32\securitycenter_11915161141576.exe
I:\WINDOWS\system32\securitycenter_11914278579799.exe
I:\WINDOWS\system32\securitycenter_11897003569819.exe
I:\WINDOWS\system32\securitycenter_11897003083657.exe
I:\WINDOWS\system32\securitycenter_11890129561270.exe
I:\Documents and Settings\Hamel\tmp_115.exe
I:\Documents and Settings\Hamel\OK_9_1176676226.exe
I:\Documents and Settings\Hamel\OK_8_1176676226.exe
I:\Documents and Settings\Hamel\OK_7_1176676226.exe
I:\Documents and Settings\Hamel\OK_6_1176676226.exe
I:\Documents and Settings\Hamel\OK_5_1176676226.exe
I:\Documents and Settings\Hamel\OK_4_1176676226.exe
I:\Documents and Settings\Hamel\OK_3_1176676226.exe
I:\Documents and Settings\Hamel\OK_25_1176676227.exe
I:\Documents and Settings\Hamel\OK_24_1176676227.exe
I:\Documents and Settings\Hamel\OK_23_1176676227.exe
I:\Documents and Settings\Hamel\OK_22_1176676227.exe
I:\Documents and Settings\Hamel\OK_21_1176676227.exe
I:\Documents and Settings\Hamel\OK_20_1176676227.exe
I:\Documents and Settings\Hamel\OK_2_1176676226.exe
I:\Documents and Settings\Hamel\OK_19_1176676227.exe
I:\Documents and Settings\Hamel\OK_18_1176676227.exe
I:\Documents and Settings\Hamel\OK_17_1176676226.exe
I:\Documents and Settings\Hamel\OK_16_1176676226.exe
I:\Documents and Settings\Hamel\OK_15_1176676226.exe
I:\Documents and Settings\Hamel\OK_14_1176676226.exe
I:\Documents and Settings\Hamel\OK_13_1176676226.exe
I:\Documents and Settings\Hamel\OK_12_1176676226.exe
I:\Documents and Settings\Hamel\OK_11_1176676226.exe
I:\Documents and Settings\Hamel\OK_10_1176676226.exe
I:\Documents and Settings\Hamel\OK_1_1176676225.exe
I:\WINDOWS\vipextpxm.dll
I:\WINDOWS\system32\DBR115\DB1\services.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74C44274-2A2D-4A99-B00B-CCA3912349F3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0687766B-F048-43D1-B33B-DBE6FE9AE712}"=-
[-HKEY_CLASSES_ROOT\clsid\{0687766b-f048-43d1-b33b-dbe6fe9ae712}]
[-HKEY_CLASSES_ROOT\voipwet.ToolBar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{CF026274-F586-4940-86BD-065139E90B5C}]
[-HKEY_CLASSES_ROOT\voipwet.ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Centre de Sécurité Windows 1.15"=-
"Centre de Sécurité Windows 1.11"=-
"Centre de Sécurité Windows 1.12"=-
"Centre de Sécurité Windows 1.14"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt2 report along with a HijackThis report.

If there is no reboot, post the reports anyway.

See you
Dan
 
The reports:

ComboFix 07-12-02.6 - Hamel 2007-12-05 18:18:57.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.834 [GMT 1:00]
Running from: I:\Documents and Settings\Hamel\Bureau\ComboFix.exe
Command switches used :: I:\Documents and Settings\Hamel\Bureau\CFScript.txt
* Created a new restore point

FILE
I:\Documents and Settings\Hamel\OK_1_1176676225.exe
I:\Documents and Settings\Hamel\OK_10_1176676226.exe
I:\Documents and Settings\Hamel\OK_11_1176676226.exe
I:\Documents and Settings\Hamel\OK_12_1176676226.exe
I:\Documents and Settings\Hamel\OK_13_1176676226.exe
I:\Documents and Settings\Hamel\OK_14_1176676226.exe
I:\Documents and Settings\Hamel\OK_15_1176676226.exe
I:\Documents and Settings\Hamel\OK_16_1176676226.exe
I:\Documents and Settings\Hamel\OK_17_1176676226.exe
I:\Documents and Settings\Hamel\OK_18_1176676227.exe
I:\Documents and Settings\Hamel\OK_19_1176676227.exe
I:\Documents and Settings\Hamel\OK_2_1176676226.exe
I:\Documents and Settings\Hamel\OK_20_1176676227.exe
I:\Documents and Settings\Hamel\OK_21_1176676227.exe
I:\Documents and Settings\Hamel\OK_22_1176676227.exe
I:\Documents and Settings\Hamel\OK_23_1176676227.exe
I:\Documents and Settings\Hamel\OK_24_1176676227.exe
I:\Documents and Settings\Hamel\OK_25_1176676227.exe
I:\Documents and Settings\Hamel\OK_3_1176676226.exe
I:\Documents and Settings\Hamel\OK_4_1176676226.exe
I:\Documents and Settings\Hamel\OK_5_1176676226.exe
I:\Documents and Settings\Hamel\OK_6_1176676226.exe
I:\Documents and Settings\Hamel\OK_7_1176676226.exe
I:\Documents and Settings\Hamel\OK_8_1176676226.exe
I:\Documents and Settings\Hamel\OK_9_1176676226.exe
I:\Documents and Settings\Hamel\tmp_115.exe
I:\WINDOWS\system32\DBR115\DB1\services.exe
I:\WINDOWS\system32\securitycenter_11890129561270.exe
I:\WINDOWS\system32\securitycenter_11897003083657.exe
I:\WINDOWS\system32\securitycenter_11897003569819.exe
I:\WINDOWS\system32\securitycenter_11914278579799.exe
I:\WINDOWS\system32\securitycenter_11915161141576.exe
I:\WINDOWS\system32\securitycenter_11916333391832.exe
I:\WINDOWS\system32\securitycenter_11916335157905.exe
I:\WINDOWS\system32\securitycenter_11916352504290.exe
I:\WINDOWS\system32\securitycenter_11918575749008.exe
I:\WINDOWS\system32\securitycenter_11923853277760.exe
I:\WINDOWS\system32\securitycenter_11923855214181.exe
I:\WINDOWS\system32\securitycenter_11923868333880.exe
I:\WINDOWS\system32\securitycenter_11924634907152.exe
I:\WINDOWS\system32\securitycenter_11924636869559.exe
I:\WINDOWS\system32\securitycenter_11924655469235.exe
I:\WINDOWS\system32\securitycenter_11927937935184.exe
I:\WINDOWS\system32\securitycenter_11941475827786.exe
I:\WINDOWS\system32\securitycenter_11941477436627.exe
I:\WINDOWS\system32\securitycenter_11941800472675.exe
I:\WINDOWS\system32\securitycenter_11941801212199.exe
I:\WINDOWS\system32\securitycenter_11941995819176.exe
I:\WINDOWS\system32\securitycenter_11942015103981.exe
I:\WINDOWS\system32\securitycenter_11947211973855.exe
I:\WINDOWS\system32\securitycenter_11947229082460.exe
I:\WINDOWS\system32\securitycenter_11947731373238.exe
I:\WINDOWS\system32\securitycenter_11947748519650.exe
I:\WINDOWS\system32\securitycenter_11947798958170.exe
I:\WINDOWS\system32\securitycenter_11947807616628.exe
I:\WINDOWS\system32\securitycenter_11947811165955.exe
I:\WINDOWS\system32\securitycenter_11947816745921.exe
I:\WINDOWS\system32\securitycenter_11947822877875.exe
I:\WINDOWS\system32\securitycenter_11947830501315.exe
I:\WINDOWS\system32\securitycenter_11948932934086.exe
I:\WINDOWS\system32\securitycenter_11948945963302.exe
I:\WINDOWS\system32\securitycenter_11949773718919.exe
I:\WINDOWS\system32\securitycenter_11949776839762.exe
I:\WINDOWS\system32\securitycenter_11950618878188.exe
I:\WINDOWS\system32\securitycenter_11950679164329.exe
I:\WINDOWS\system32\securitycenter_11958365979327.exe
I:\WINDOWS\system32\securitycenter_11966130712660.exe
I:\WINDOWS\vipextpxm.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\Hamel\OK_1_1176676225.exe
I:\Documents and Settings\Hamel\OK_10_1176676226.exe
I:\Documents and Settings\Hamel\OK_11_1176676226.exe
I:\Documents and Settings\Hamel\OK_12_1176676226.exe
I:\Documents and Settings\Hamel\OK_13_1176676226.exe
I:\Documents and Settings\Hamel\OK_14_1176676226.exe
I:\Documents and Settings\Hamel\OK_15_1176676226.exe
I:\Documents and Settings\Hamel\OK_16_1176676226.exe
I:\Documents and Settings\Hamel\OK_17_1176676226.exe
I:\Documents and Settings\Hamel\OK_18_1176676227.exe
I:\Documents and Settings\Hamel\OK_19_1176676227.exe
I:\Documents and Settings\Hamel\OK_2_1176676226.exe
I:\Documents and Settings\Hamel\OK_20_1176676227.exe
I:\Documents and Settings\Hamel\OK_21_1176676227.exe
I:\Documents and Settings\Hamel\OK_22_1176676227.exe
I:\Documents and Settings\Hamel\OK_23_1176676227.exe
I:\Documents and Settings\Hamel\OK_24_1176676227.exe
I:\Documents and Settings\Hamel\OK_25_1176676227.exe
I:\Documents and Settings\Hamel\OK_3_1176676226.exe
I:\Documents and Settings\Hamel\OK_4_1176676226.exe
I:\Documents and Settings\Hamel\OK_5_1176676226.exe
I:\Documents and Settings\Hamel\OK_6_1176676226.exe
I:\Documents and Settings\Hamel\OK_7_1176676226.exe
I:\Documents and Settings\Hamel\OK_8_1176676226.exe
I:\Documents and Settings\Hamel\OK_9_1176676226.exe
I:\Documents and Settings\Hamel\tmp_115.exe
I:\WINDOWS\dat.txt
I:\WINDOWS\search_res.txt
I:\WINDOWS\system32\DBR115\DB1\services.exe
I:\WINDOWS\system32\securitycenter_11890129561270.exe
I:\WINDOWS\system32\securitycenter_11897003083657.exe
I:\WINDOWS\system32\securitycenter_11897003569819.exe
I:\WINDOWS\system32\securitycenter_11914278579799.exe
I:\WINDOWS\system32\securitycenter_11915161141576.exe
I:\WINDOWS\system32\securitycenter_11916333391832.exe
I:\WINDOWS\system32\securitycenter_11916335157905.exe
I:\WINDOWS\system32\securitycenter_11916352504290.exe
I:\WINDOWS\system32\securitycenter_11918575749008.exe
I:\WINDOWS\system32\securitycenter_11923853277760.exe
I:\WINDOWS\system32\securitycenter_11923855214181.exe
I:\WINDOWS\system32\securitycenter_11923868333880.exe
I:\WINDOWS\system32\securitycenter_11924634907152.exe
I:\WINDOWS\system32\securitycenter_11924636869559.exe
I:\WINDOWS\system32\securitycenter_11924655469235.exe
I:\WINDOWS\system32\securitycenter_11927937935184.exe
I:\WINDOWS\system32\securitycenter_11941475827786.exe
I:\WINDOWS\system32\securitycenter_11941477436627.exe
I:\WINDOWS\system32\securitycenter_11941800472675.exe
I:\WINDOWS\system32\securitycenter_11941801212199.exe
I:\WINDOWS\system32\securitycenter_11941995819176.exe
I:\WINDOWS\system32\securitycenter_11942015103981.exe
I:\WINDOWS\system32\securitycenter_11947211973855.exe
I:\WINDOWS\system32\securitycenter_11947229082460.exe
I:\WINDOWS\system32\securitycenter_11947731373238.exe
I:\WINDOWS\system32\securitycenter_11947748519650.exe
I:\WINDOWS\system32\securitycenter_11947798958170.exe
I:\WINDOWS\system32\securitycenter_11947807616628.exe
I:\WINDOWS\system32\securitycenter_11947811165955.exe
I:\WINDOWS\system32\securitycenter_11947816745921.exe
I:\WINDOWS\system32\securitycenter_11947822877875.exe
I:\WINDOWS\system32\securitycenter_11947830501315.exe
I:\WINDOWS\system32\securitycenter_11948932934086.exe
I:\WINDOWS\system32\securitycenter_11948945963302.exe
I:\WINDOWS\system32\securitycenter_11949773718919.exe
I:\WINDOWS\system32\securitycenter_11949776839762.exe
I:\WINDOWS\system32\securitycenter_11950618878188.exe
I:\WINDOWS\system32\securitycenter_11950679164329.exe
I:\WINDOWS\system32\securitycenter_11958365979327.exe
I:\WINDOWS\system32\securitycenter_11966130712660.exe
I:\WINDOWS\vipextpxm.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.

2007-12-04 20:59 . 2007-09-05 23:22 289,144 --a------ I:\WINDOWS\system32\VCCLSID.exe
2007-12-04 20:59 . 2006-04-27 16:49 288,417 --a------ I:\WINDOWS\system32\SrchSTS.exe
2007-12-04 20:59 . 2003-06-05 20:13 53,248 --a------ I:\WINDOWS\system32\Process.exe
2007-12-04 20:59 . 2004-07-31 17:50 51,200 --a------ I:\WINDOWS\system32\dumphive.exe
2007-12-04 20:59 . 2007-10-03 23:36 25,600 --a------ I:\WINDOWS\system32\WS2Fix.exe
2007-12-04 20:59 . 2007-12-05 04:00 3,390 --a------ I:\WINDOWS\system32\tmp.reg
2007-12-04 13:18 . 2007-12-04 13:19 <REP> d-------- I:\Program Files\4Musics Multiformat Converter
2007-12-04 13:18 . 2001-03-17 21:34 22,528 --a------ I:\WINDOWS\system32\WNASPI32.DLL
2007-12-04 13:18 . 2002-07-17 09:05 16,512 --a------ I:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-04 12:42 . 2007-12-04 12:42 <REP> d-------- I:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-04 12:41 . 2007-12-04 12:41 <REP> d-------- I:\Program Files\Fichiers communs\AVSMedia
2007-12-04 12:41 . 2007-12-04 12:41 <REP> d-------- I:\Program Files\AVS4YOU
2007-12-04 12:41 . 2002-01-05 15:40 487,424 --a------ I:\WINDOWS\system32\msvcp70.dll
2007-12-04 12:41 . 2002-01-05 03:37 344,064 --a------ I:\WINDOWS\system32\msvcr70.dll
2007-12-04 12:41 . 2003-05-21 13:50 24,576 --a------ I:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 17:21 --------- d-----w I:\Program Files\Wanadoo
2007-12-05 03:08 --------- d-----w I:\Program Files\Hijackthis Version Française
2007-12-03 17:56 --------- d--h--w I:\Program Files\InstallShield Installation Information
2007-12-03 17:55 --------- d-----w I:\Program Files\XviD
2007-12-03 17:55 --------- d-----w I:\Program Files\DibaNet
2007-12-03 16:34 --------- d-----w I:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-02 05:38 --------- d-----w I:\Program Files\eMule
2007-11-04 19:41 --------- d-----w I:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-25 16:23 --------- d-----w I:\Program Files\FLV Player
2007-10-07 08:21 --------- d-----w I:\Program Files\Pro100Demo
2007-03-10 09:02 278,528 ----a-w I:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-05_17.30.09,85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-05 17:21:09 16,384 ----atw I:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 11:35]
"WOOKIT"="I:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 22:12 I:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 I:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 I:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 I:\WINDOWS\system32\rundll32.exe]
"NeroCheck"="I:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50]
"WOOWATCH"="I:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="I:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"Lexmark 1200 Series"="I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 08:10]
"Adobe Photo Downloader"="I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" []
"Centre de Sécurité Windows"="cds.dll" []
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Zone Labs Client"="C:\WINDOWS\zonecl.exe" []

R0 viamraid;viamraid;I:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;I:\WINDOWS\system32\DRIVERS\videX32.sys
R2 PPPoESupport;Support du transport PPPoE;"I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;I:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\I:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 Boonty Games;Boonty Games;"I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 ovt530;Webcam Classic;I:\WINDOWS\system32\Drivers\ov530vid.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\G:\NTGLM7X.sys
S3 usbscan;Pilote de scanneur USB;I:\WINDOWS\system32\DRIVERS\usbscan.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3100970B-5B44-706C-2ABF-A00315A1F060}]
I:\WINDOWS\system32:iexplore.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 18:21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 18:22:07 - machine was rebooted
I:\ComboFix2.txt ... 2007-12-05 17:30
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 18:22, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\DBR115\DB2\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\Lexmark 1200 Series\lxczbmon.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
I:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - I:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] I:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Centre de Sécurité Windows] cds.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\WINDOWS\zonecl.exe
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download Video - http://usd.lucretius-ada.com/zcvisitor/99029452-482e-11ea-9ff8-122444ade89f?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Support du transport PPPoE (PPPoESupport) - Unknown owner - I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service (file missing)
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - I:\Program Files\Inventel\Gateway\wlancfg.exe

See you
g!rly
 
Hi again,

Using HijackThis, tick and fix the lines below:

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O4 - HKLM\..\Run: [Centre de Sécurité Windows] cds.dll
O23 - Service: Boonty Games - BOONTY - I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Support du transport PPPoE (PPPoESupport) - Unknown owner - I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service (file missing)

How to fix:

Usage tutorial (video):

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Click Start > Run, type services.msc in the dialog box and confirm with OK.
In the Services window, stop these two services:

Service: Boonty Games - BOONTY
Support du transport PPPoE (PPPoESupport)

Install a firewall:

Firewall: Kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

or ZoneAlarm, easier to configure but less effective

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

Copy the text below:

File::
I:\WINDOWS\system32\DBR115\DB2\svchost.exe
I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
I:\WINDOWS\system32\cds.dll

Folder::
I:\Program Files\Fichiers communs\BOONTY Shared

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Centre de Sécurité Windows"=-

Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.

See you later
0
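An added example, not part of the original posts: a small Python triage of HijackThis lines copied from the logs in this thread. It flags Windows system process names that sit outside system32 and BHOs with no file, and shows why the "(file missing)" tag alone is weak evidence; the rule names and the SYSTEM_NAMES list are assumptions of this example.

```python
import ntpath
import re

# Assumption of this example: core Windows processes expected directly in <windir>\system32.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32 = re.compile(r"[a-z]:\\windows\\system32", re.I)
EXE_PATH = re.compile(r'^"?(.+?\.exe)', re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed sample: a handful of lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Running processes:
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\DBR115\DB1\services.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Support du transport PPPoE (PPPoESupport) - Unknown owner - I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service (file missing)
"""


def is_masquerade(path):
    """True when a system process name is used outside <drive>:\\WINDOWS\\system32."""
    name = ntpath.basename(path).lower()
    return name in SYSTEM_NAMES and not SYSTEM32.fullmatch(ntpath.dirname(path))


def triage(log_text):
    """Return a list of (rule, value) findings for one HijackThis log."""
    running, findings = set(), []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
                continue
            running.add(line.lower())
            if is_masquerade(line):
                findings.append(("masquerade", line))
            continue
        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            clsid = CLSID.search(line)
            findings.append(("orphan-bho", clsid.group(0) if clsid else line))
        elif line.startswith("O23 - Service:"):
            # The binary path is the last " - " separated field; cut it at ".exe"
            # so a stray quote and the arguments after it are dropped.
            match = EXE_PATH.match(line.rsplit(" - ", 1)[-1])
            if not match:
                continue
            path = match.group(1)
            if is_masquerade(path):
                findings.append(("masquerade", path))
            elif line.endswith("(file missing)"):
                # The tag is only trusted when the process list does not contradict it.
                rule = ("file-missing-contradicted" if path.lower() in running
                        else "missing-binary")
                findings.append((rule, path))
    return findings


if __name__ == "__main__":
    for rule, value in triage(SAMPLE_LOG):
        print(f"{rule:26} {value}")
```

In this sample the avast! Mail Scanner service carries "(file missing)" although its executable is listed among the running processes, so only the two DBR115 paths and the empty BHO stand out.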
Dan
 
G!rly, hello

Here I am again at last,

ComboFix 07-12-02.6 - Hamel 2007-12-06 18:50:19.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.895 [GMT 1:00]
Running from: I:\Documents and Settings\Hamel\Bureau\ComboFix.exe
Command switches used :: I:\Documents and Settings\Hamel\Bureau\CFScript.txt
* Created a new restore point

FILE
I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
I:\WINDOWS\system32\cds.dll
I:\WINDOWS\system32\DBR115\DB2\svchost.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Program Files\Fichiers communs\BOONTY Shared
I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
I:\WINDOWS\system32\DBR115\DB2\svchost.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-06 to 2007-12-06 ))))))))))))))))))))))))))))))))))))
.

2007-12-06 18:42 . 2007-12-06 18:42 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-06 18:41 . 2007-12-06 18:42 <REP> d-------- I:\WINDOWS\system32\ZoneLabs
2007-12-04 20:59 . 2007-09-05 23:22 289,144 --a------ I:\WINDOWS\system32\VCCLSID.exe
2007-12-04 20:59 . 2006-04-27 16:49 288,417 --a------ I:\WINDOWS\system32\SrchSTS.exe
2007-12-04 20:59 . 2003-06-05 20:13 53,248 --a------ I:\WINDOWS\system32\Process.exe
2007-12-04 20:59 . 2004-07-31 17:50 51,200 --a------ I:\WINDOWS\system32\dumphive.exe
2007-12-04 20:59 . 2007-10-03 23:36 25,600 --a------ I:\WINDOWS\system32\WS2Fix.exe
2007-12-04 20:59 . 2007-12-05 04:00 3,390 --a------ I:\WINDOWS\system32\tmp.reg
2007-12-04 13:18 . 2007-12-04 13:19 <REP> d-------- I:\Program Files\4Musics Multiformat Converter
2007-12-04 13:18 . 2001-03-17 21:34 22,528 --a------ I:\WINDOWS\system32\WNASPI32.DLL
2007-12-04 13:18 . 2002-07-17 09:05 16,512 --a------ I:\WINDOWS\system32\drivers\ASPI32.SYS
2007-12-04 12:42 . 2007-12-04 12:42 <REP> d-------- I:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-12-04 12:41 . 2007-12-04 12:41 <REP> d-------- I:\Program Files\Fichiers communs\AVSMedia
2007-12-04 12:41 . 2007-12-04 12:41 <REP> d-------- I:\Program Files\AVS4YOU
2007-12-04 12:41 . 2002-01-05 15:40 487,424 --a------ I:\WINDOWS\system32\msvcp70.dll
2007-12-04 12:41 . 2002-01-05 03:37 344,064 --a------ I:\WINDOWS\system32\msvcr70.dll
2007-12-04 12:41 . 2003-05-21 13:50 24,576 --a------ I:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 17:51 120,864 --sha-w I:\WINDOWS\system32\drivers\fidbox.dat
2007-12-06 17:47 --------- d-----w I:\Program Files\Wanadoo
2007-12-06 17:44 1,388 --sha-w I:\WINDOWS\system32\drivers\fidbox.idx
2007-12-06 17:42 75,932 ----a-w I:\WINDOWS\system32\drivers\klick.dat
2007-12-06 17:42 74,396 ----a-w I:\WINDOWS\system32\drivers\klin.dat
2007-12-05 18:41 --------- d-----w I:\Program Files\Google
2007-12-05 18:39 --------- d-----w I:\Program Files\Hijackthis Version Française
2007-12-05 18:34 --------- d-----w I:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-03 17:56 --------- d--h--w I:\Program Files\InstallShield Installation Information
2007-12-03 17:55 --------- d-----w I:\Program Files\XviD
2007-12-03 17:55 --------- d-----w I:\Program Files\DibaNet
2007-12-02 05:38 --------- d-----w I:\Program Files\eMule
2007-11-04 19:41 --------- d-----w I:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-10-25 16:23 --------- d-----w I:\Program Files\FLV Player
2007-10-07 08:21 --------- d-----w I:\Program Files\Pro100Demo
2007-09-06 10:09 801,144 ----a-w I:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w I:\WINDOWS\system32\AVASTSS.scr
2007-03-10 09:02 278,528 ----a-w I:\Program Files\Fichiers communs\FDEUnInstaller.exe
.

((((((((((((((((((((((((((((( snapshot@2007-12-05_17.30.09,85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-30 23:03:48 110,360 ----a-w I:\WINDOWS\system32\drivers\kl1.sys
+ 2007-05-30 23:03:50 119,576 ----a-w I:\WINDOWS\system32\drivers\klif.sys
+ 2007-06-21 20:55:28 21,904 ----a-w I:\WINDOWS\system32\imsinstall_loc040c.dll
+ 2007-06-21 20:55:28 17,808 ----a-w I:\WINDOWS\system32\imslsp_install_loc040c.dll
+ 2007-06-21 20:54:26 796,048 ----a-w I:\WINDOWS\system32\libeay32_0.9.6l.dll
- 2007-10-28 02:18:15 39,992 ----a-w I:\WINDOWS\system32\perfc009.dat
+ 2007-12-05 17:25:11 39,992 ----a-w I:\WINDOWS\system32\perfc009.dat
- 2007-10-28 02:18:15 48,616 ----a-w I:\WINDOWS\system32\perfc00C.dat
+ 2007-12-05 17:25:11 48,616 ----a-w I:\WINDOWS\system32\perfc00C.dat
- 2007-10-28 02:18:15 311,604 ----a-w I:\WINDOWS\system32\perfh009.dat
+ 2007-12-05 17:25:11 311,604 ----a-w I:\WINDOWS\system32\perfh009.dat
- 2007-10-28 02:18:15 367,658 ----a-w I:\WINDOWS\system32\perfh00C.dat
+ 2007-12-05 17:25:11 367,658 ----a-w I:\WINDOWS\system32\perfh00C.dat
+ 2004-04-27 03:40:52 11,264 ----a-w I:\WINDOWS\system32\SpOrder.dll
+ 2007-06-21 20:54:30 83,432 ----a-w I:\WINDOWS\system32\vsdata.dll
+ 2007-06-21 20:54:52 394,984 ----a-w I:\WINDOWS\system32\vsdatant.sys
+ 2007-06-21 20:54:32 157,160 ----a-w I:\WINDOWS\system32\vsinit.dll
+ 2007-06-21 20:54:32 103,912 ----a-w I:\WINDOWS\system32\vsmonapi.dll
+ 2007-06-21 20:54:32 275,944 ----a-w I:\WINDOWS\system32\vspubapi.dll
+ 2007-06-21 20:54:32 71,144 ----a-w I:\WINDOWS\system32\vsregexp.dll
+ 2007-06-21 20:54:34 472,552 ----a-w I:\WINDOWS\system32\vsutil.dll
+ 2007-06-21 20:55:30 54,672 ----a-w I:\WINDOWS\system32\vsutil_loc040c.dll
+ 2007-06-21 20:54:34 46,568 ----a-w I:\WINDOWS\system32\vswmi.dll
+ 2007-06-21 20:54:34 99,816 ----a-w I:\WINDOWS\system32\vsxml.dll
+ 2007-06-21 20:54:34 83,432 ----a-w I:\WINDOWS\system32\zlcomm.dll
+ 2007-06-21 20:54:34 71,144 ----a-w I:\WINDOWS\system32\zlcommdb.dll
+ 2007-12-06 17:43:54 4,212 ---h--w I:\WINDOWS\system32\zllictbl.dat
+ 2007-06-21 20:54:24 366,112 ----a-w I:\WINDOWS\system32\ZoneLabs\av.dll
+ 2007-06-21 20:55:26 26,000 ----a-w I:\WINDOWS\system32\ZoneLabs\av_loc040c.dll
+ 2007-05-30 23:03:30 65,248 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\bases\aphish.dat
+ 2006-06-30 13:47:36 21,568 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2007-05-30 23:03:16 77,824 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll
+ 2007-05-30 23:03:16 110,592 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll
+ 2007-05-30 23:03:16 331,776 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll
+ 2007-05-30 23:03:16 38,400 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll
+ 2006-09-19 22:12:14 208,960 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\inv.dll
+ 2007-05-30 23:03:16 258,048 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\kave.dll
+ 2006-12-19 17:13:52 1,093,632 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll
+ 2007-05-30 23:03:20 548,864 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\msvcp80.dll
+ 2007-05-30 23:03:20 626,688 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\msvcr80.dll
+ 2007-05-30 23:03:18 184,320 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll
+ 2007-05-30 23:03:22 90,112 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\prremote.dll
+ 2007-05-30 23:03:18 118,784 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
+ 2006-12-19 17:13:52 200,704 ----a-w I:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll
+ 2007-06-21 20:54:24 99,816 ----a-w I:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2007-06-21 20:55:26 17,808 ----a-w I:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll
+ 2004-01-30 11:35:08 813,568 ----a-w I:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2007-06-21 20:54:24 128,480 ----a-w I:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2007-06-21 20:54:26 38,376 ----a-w I:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2007-06-21 20:54:26 321,016 ----a-w I:\WINDOWS\system32\ZoneLabs\imsecure.dll
+ 2007-06-21 20:55:28 26,000 ----a-w I:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll
+ 2007-06-21 20:55:26 288,144 ----a-w I:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll
+ 2007-06-21 20:55:28 152,976 ----a-w I:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll
+ 2007-06-21 20:54:54 26,000 ----a-w I:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2007-06-21 20:54:54 1,361,296 ----a-w I:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2007-06-21 20:54:54 71,056 ----a-w I:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll
+ 2007-06-21 20:56:16 30,184 ----a-w I:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2007-06-21 20:56:16 30,216 ----a-w I:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-06-11 11:43:50 714,472 ----a-w I:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2007-06-11 11:43:52 788,200 ----a-w I:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2007-06-21 20:54:28 173,544 ----a-w I:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2007-06-21 20:55:30 17,808 ----a-w I:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w I:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-06-11 11:43:56 1,496,808 ----a-w I:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2007-06-11 11:44:10 50,416 ----a-w I:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2007-06-21 20:54:28 456,168 ----a-w I:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2007-06-21 20:56:16 210,432 ----a-w I:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2007-06-21 20:56:18 3,229,176 ----a-w I:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2007-06-21 20:55:28 26,000 ----a-w I:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll
+ 2006-09-04 19:59:14 503,875 ----a-w I:\WINDOWS\system32\ZoneLabs\upd_core.dll
+ 2006-10-28 02:03:16 833,520 ----a-w I:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2007-06-21 20:54:46 144,936 ----a-w I:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2007-06-21 20:55:30 75,152 ----a-w I:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll
+ 2007-01-11 16:31:06 286,787 ----a-w I:\WINDOWS\system32\ZoneLabs\updtrsdk.dll
+ 2007-06-21 20:54:30 108,008 ----a-w I:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2007-06-21 20:54:30 79,336 ----a-w I:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2007-06-21 20:55:30 17,808 ----a-w I:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll
+ 2007-06-21 20:54:46 75,304 ----a-w I:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2007-06-21 20:55:30 46,480 ----a-w I:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll
+ 2007-06-21 20:54:32 2,024,936 ----a-w I:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2007-06-21 20:54:32 1,345,000 ----a-w I:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2007-06-21 20:55:30 198,032 ----a-w I:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll
+ 2007-06-21 20:54:34 243,176 ----a-w I:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2007-06-21 20:55:30 17,808 ----a-w I:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll
+ 2007-01-11 10:12:08 2,432,259 ----a-w I:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2007-06-21 20:54:36 177,640 ----a-w I:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2007-06-21 20:54:36 79,344 ----a-w I:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2007-06-21 20:55:32 17,808 ----a-w I:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll
+ 2007-06-21 20:54:36 378,344 ----a-w I:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2007-06-21 20:55:32 21,904 ----a-w I:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll
+ 2007-06-21 20:54:36 120,296 ----a-w I:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2007-06-21 20:54:40 1,086,952 ----a-w I:\WINDOWS\system32\zpeng24.dll
+ 2007-12-06 17:45:35 16,384 ----atw I:\WINDOWS\Temp\Perflib_Perfdata_f4.dat
+ 2007-06-21 20:54:48 75,248 ----a-w I:\WINDOWS\zllsputility.exe
+ 2007-06-21 20:55:32 42,384 ----a-w I:\WINDOWS\zllsputility_loc040c.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 11:35]
"WOOKIT"="I:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 22:12 I:\WINDOWS\soundman.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:55 I:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2006-10-22 12:22 I:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 23:55 I:\WINDOWS\system32\rundll32.exe]
"NeroCheck"="I:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50]
"WOOWATCH"="I:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="I:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"Lexmark 1200 Series"="I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 08:10]
"Adobe Photo Downloader"="I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]
"Adobe Reader Speed Launcher"="I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"Zone Labs Client"="C:\WINDOWS\zonecl.exe" []
"ZoneAlarm Client"="I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

I:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
Outil de mise … jour Google.lnk - I:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-02-27 14:03:24]

R0 viamraid;viamraid;I:\WINDOWS\system32\DRIVERS\viamraid.sys
R0 videX32;videX32;I:\WINDOWS\system32\DRIVERS\videX32.sys
R3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;I:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 usbstor;Pilote de stockage de masse USB;I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\I:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 ovt530;Webcam Classic;I:\WINDOWS\system32\Drivers\ov530vid.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\G:\NTGLM7X.sys
S3 usbscan;Pilote de scanneur USB;I:\WINDOWS\system32\DRIVERS\usbscan.sys
S4 Boonty Games;Boonty Games;"I:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S4 PPPoESupport;Support du transport PPPoE;"I:\WINDOWS\system32\DBR115\DB2\svchost.exe" -service

*Newly Created Service* - SRESCAN
*Newly Created Service* - VSMON

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3100970B-5B44-706C-2ABF-A00315A1F060}]
I:\WINDOWS\system32:iexplore.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 18:51:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 18:52:11
I:\ComboFix2.txt ... 2007-12-05 18:22
I:\ComboFix3.txt ... 2007-12-05 17:30
.
--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 18:52, on 06/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\Program Files\Lexmark 1200 Series\lxczbmon.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
I:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - I:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] I:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\WINDOWS\zonecl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download Video - http://usd.lucretius-ada.com/zcvisitor/99029452-482e-11ea-9ff8-122444ade89f?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - I:\Program Files\Inventel\Gateway\wlancfg.exe

See you later
0
g!rly Posts 18462 Status Contributor 406
 
Hi

Using HijackThis, check this:

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - I:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

If you don't use CanalPlay, also fix this:

O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)

Start / Run, type sc stop FTRTSVC then confirm with OK

Start / Run, type sc delete FTRTSVC then confirm with OK

Look at this

Antivir vs Avast:

->http://forum.malekal.com/ftopic3528.php

So uninstall Avast and

download and install the Antivir Personal Edition Classic antivirus:

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

http://mickael.barroux.free.fr/securite/antivir.php <- scanner configuration tutorial...

Once Antivir is open, click the Scanner tab; in the pane below you will see: rootkit search. Click the small + to expand it and tick the box next to your hard disk.
Then click Configuration at the top right, then in the new window, on the left > scanner > scan all files, and below > scanner priority = High
Still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below > win32 heuristic box ticked with high detection level

Then run a full scan of your machine with Antivir in safe mode:

How do you restart in safe mode?

Restart the PC and keep tapping the F8 key from the very start of boot, without stopping.
A window with a black background will open; use the keyboard arrows to move to the safe mode option, then press Enter.
Screenshot: http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Once on the desktop, if the colours and so on are not all there, that's normal!
PS: if F8 doesn't work, use the F5 key.

And post the report here

See you later
0
Dan
 
Here is the report, but I'm not sure I performed the right steps,

AntiVir PersonalEdition Classic
Report file date: jeudi 6 décembre 2007 21:30

Scanning for 962690 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Hamel
Computer name: UNICORNI-555983

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 20:11:36
ANTIVIR3.VDF : 7.0.1.54 99328 Bytes 06/12/2007 20:11:36
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 06/12/2007 20:11:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: I:\DOCUME~1\Hamel\LOCALS~1\Temp\692ceb6e.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: jeudi 6 décembre 2007 21:30

Starting the file scan:

Begin scan in 'I:\Documents and Settings\Hamel\Mes documents\Yannick HAMEL\antivir_workstation_win7u_en_h.exe'

End of the scan: jeudi 6 décembre 2007 21:30
Used time: 00:17 min

The scan has been done completely.

0 Scanning directories
317 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
317 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes
0
g!rly Posts 18462 Status Contributor 406
 
Yes, it scanned nothing, or almost nothing...

http://mickael.barroux.free.fr/securite/antivir.php <- scanner configuration tutorial..

Look at this tutorial again

because, as you can see here, some options are not turned on:

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: I:\DOCUME~1\Hamel\LOCALS~1\Temp\692ceb6e.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
0
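An added example, not part of the original posts: a Python comparison of the settings block quoted above with the one from the report posted next in the thread, both copied from this page. The REQUESTED mapping from the Antivir options named in the earlier instructions to report keys (with "win32 heuristic" taken to be the report's "File heuristic") is an assumption of this example.

```python
import re

# "Key.......: value" lines as written in the AntiVir report.
SETTING = re.compile(r"^(?P<key>[^.:]+?)\.{2,}:\s*(?P<value>.*)$")

# Assumption: report keys matching the options the helper asked to enable.
REQUESTED = {
    "Search for rootkits": "on",
    "Scan all files": "All files",
    "Macro heuristic": "on",
    "File heuristic": "high",
}

# Copied from the report dated 6 December (the block quoted above).
FIRST_REPORT = r"""Jobname..........................: ShlExt
Configuration file...............: I:\DOCUME~1\Hamel\LOCALS~1\Temp\692ceb6e.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
"""

# Copied from the report dated 7 December (posted next in the thread).
SECOND_REPORT = r"""Jobname..........................: Local Drives
Configuration file...............: i:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
"""


def parse_settings(report):
    """Turn the dotted-leader block into an ordered {key: value} dict."""
    settings = {}
    for line in report.splitlines():
        match = SETTING.match(line.strip())
        if match:
            settings[match.group("key").strip()] = match.group("value").strip()
    return settings


def disabled(settings):
    """Keys whose value is exactly 'off', in report order."""
    return [key for key, value in settings.items() if value.lower() == "off"]


def unmet(settings, requested=REQUESTED):
    """(key, actual, wanted) for every requested option the report does not show."""
    return [(key, settings.get(key, "<absent>"), wanted)
            for key, wanted in requested.items()
            if settings.get(key, "").lower() != wanted.lower()]


def changed(before, after):
    """{key: (old, new)} for settings that differ between two reports."""
    return {key: (before.get(key), after.get(key))
            for key in before.keys() | after.keys()
            if before.get(key) != after.get(key)}


if __name__ == "__main__":
    first, second = parse_settings(FIRST_REPORT), parse_settings(SECOND_REPORT)
    print("off in first report :", disabled(first))
    print("off in second report:", disabled(second))
    print("still unmet         :", unmet(second))
    for key, (old, new) in sorted(changed(first, second).items()):
        print(f"changed {key}: {old} -> {new}")
```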
Dan
 
G!rly, hello

I hope it's right this time,

AntiVir PersonalEdition Classic
Report file date: vendredi 7 décembre 2007 15:13

Scanning for 962690 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Hamel
Computer name: UNICORNI-555983

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 20:11:36
ANTIVIR3.VDF : 7.0.1.54 99328 Bytes 06/12/2007 20:11:36
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 06/12/2007 20:11:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: i:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 7 décembre 2007 15:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'lxczbmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'lxczbmgr.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'WLANCFG.EXE' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] In the drive 'D:\' no data medium is inserted!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '34' files ).

Starting the file scan:

Begin scan in 'C:\' <mini moi>
Begin scan in 'I:\'
I:\pagefile.sys
[WARNING] The file could not be opened!
I:\qoobox\Quarantine\I\WINDOWS\system32\securitycenter_11927937935184.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47bc5b00.qua'!
I:\qoobox\Quarantine\I\WINDOWS\system32\securitycenter_11966130712660.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47bc5b04.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.

End of the scan: vendredi 7 décembre 2007 15:47
Used time: 33:55 min

The scan has been done completely.

2618 Scanning directories
134018 Files were scanned
0 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
134018 Files not concerned
1777 Archives were scanned
1 Warnings
1 Notes

See you later
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi again,

The rootkit scanner is still disabled, but otherwise it scanned all the files.

What was found corresponds to the quarantine of ComboFix, which we used for the disinfection.

Can you post a HijackThis log again, please?

See you later
0
Dan
 
Logfile of HijackThis v1.99.1
Scan saved at 18:10, on 07/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\LEXPPS.EXE
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Inventel\Gateway\wlancfg.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\system32\WgaTray.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\SOUNDMAN.EXE
I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\Program Files\Lexmark 1200 Series\lxczbmon.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\PROGRA~1\Wanadoo\TaskBarIcon.exe
I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
I:\Program Files\Google\Google Updater\GoogleUpdater.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Windows Media Player\wmplayer.exe
I:\Program Files\Ahead\Nero\nero.exe
I:\WINDOWS\system32\imapi.exe
I:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
I:\PROGRA~1\Wanadoo\ComComp.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\PROGRA~1\Wanadoo\Watch.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - I:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] I:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] I:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "I:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "I:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\WINDOWS\zonecl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = I:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download Video - http://usd.lucretius-ada.com/zcvisitor/99029452-482e-11ea-9ff8-122444ade89f?campaignid=0d1dff40-82d7-11e9-9533-0a157bfa6bfc
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - I:\Program Files\Inventel\Gateway\wlancfg.exe
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi again,

You are browsing with Internet Explorer 6.0 = major security flaws.

So run the Windows updates: you want version 7.0.

And why not browse with Firefox? = safer, while keeping IE 7.0 for the Windows updates, since they cannot be done from Firefox.

Also, your version of Java is not up to date:

Press the Windows key to the right of the space bar (Windows flag) and "e" at the same time -> once in My Computer, click on the C disk > Program Files > Java, open the Java folder and click on the jre1.6.0_01 folder to open it, then open the bin folder and look for this inside it: jucheck.exe. Double-click it and run the Java update > you want version 1.6.0_03.
Once the update is done, go to Add/Remove Programs and remove all the other Java updates; only the one you have just installed should remain: 1.6.0_03.

Apart from that, how is your PC doing now?
0
Dan
 
My PC is working properly, apparently no more problems. Java update = OK; Firefox, on the other hand, I don't know, I'm not a computer expert.

In any case, thank you very much for your help and your very effective explanations.

See you later
0
g!rly Posts: 18462 Status: Contributor 406
 
Hi again,

You're welcome ;-)

http://www.firefox.fr/ no need to be an expert to be secure ;-)

See you later
0