Ghost PC, help!
Closed
Luminelle - 9 Dec 2007 at 10:08
ep44 (7393 posts, registered Saturday 10 November 2007, Contributor, last active 11 November 2010) - 11 Dec 2007 at 21:41
35 replies
Hello ep44,
I ran an online antivirus scan and, as usual, the PC shut down; a blue screen appears:
"Un problème a été détecté et Windows a été arrêté afin de prévenir tout dommage sur votre ordinateur"
DRIVER_IRQL_LESS_OR_EQUAL
Technical information:
*** USBPORT.SYS address F930CB4 base at F92F000 DateStamp 41107d62
ep44 - 10 Dec 2007 at 19:50
Hello
Download SmitfraudFix.zip to the desktop: http://siri.urz.free.fr/Fix/SmitfraudFix.zip
=> Double-click SmitfraudFix.zip
=> Extract all
=> Double-click SmitfraudFix
=> Double-click SmitfraudFix.cmd
=> Choose Option 1
=> Post the report
See you
SmitFraudFix v2.260
Rapport fait à 20:13:46,92, 10/12/2007
Executé à partir de D:\Documents and Settings\GAFFOOR\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\IZArc\IZArc.exe
D:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» D:\
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\GAFFOOR
»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\GAFFOOR\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\GAFFOOR\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.commentcamarche.net/forum/' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '"
"SubscribedURL"="http://www.commentcamarche.net/forum/' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{91921A1E-C39B-422F-9E0C-6965C7993B8B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{91921A1E-C39B-422F-9E0C-6965C7993B8B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{91921A1E-C39B-422F-9E0C-6965C7993B8B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
ep44 - 10 Dec 2007 at 20:46
You really need to run SDFix.
See what the report should look like:
https://forum.pcastuces.com/sujet.asp?f=25&s=30086
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode.
------
= Restart in Safe Mode (startup may take several minutes)
Note: there is no internet access in this mode. Save or print these instructions.
Restart the PC and tap the F8 key (or F5 on some machines) until the startup options appear.
Using the arrow keys, select Safe Mode ==> Enter ==> usual user name
-------
= Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch the script.
= Press Y to start the cleaning process.
= It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
= Press a key to restart the PC.
= Your system will take longer than usual to restart because the tool will keep running and deleting files.
= After the Desktop loads, the tool will finish its work and display Finished.
= Press a key to end the script and load your Desktop icons.
= Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
= Finally, copy and paste the contents of Report.txt into your next reply.
Hi again, I finally managed to do what you asked!! Here's the report :)
SDFix: Version 1.117
Run by GAFFOOR on 10/12/2007 at 21:49
Microsoft Windows XP [version 5.1.2600]
Running From: D:\DOCUME~1\GAFFOOR\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
D:\Documents and Settings\GAFFOOR\nod32.txt - Deleted
Removing Temp Files...
ADS Check:
D:\WINDOWS
No streams found.
D:\WINDOWS\system32
No streams found.
D:\WINDOWS\system32\svchost.exe
No streams found.
D:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 21:54:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\Outlook Express\\msimn.exe"="D:\\Program Files\\Outlook Express\\msimn.exe:*:Enabled:Outlook Express"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"="D:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe:*:Enabled:avast! Antivirus"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\WINDOWS\\system32\\openglx.exe"="D:\\WINDOWS\\system32\\openglx.exe:*:Enabled:Graphic Update"
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Disabled:Veoh Client"
"D:\\DOCUME~1\\GAFFOOR\\LOCALS~1\\Temp\\msnmsg.exe"="D:\\DOCUME~1\\GAFFOOR\\LOCALS~1\\Temp\\msnmsg.exe:*:Enabled:MSN Plus"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - D:\DOCUME~1\GAFFOOR\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 5 Apr 2007 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 2 Jun 2006 36,352 ...H. --- "D:\Documents and Settings\GAFFOOR\Mes documents\~WRL0001.tmp"
Sat 24 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7a40be1d5e41517009a903a286bf28bd\BIT32.tmp"
Wed 28 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\825602f548d54de494879712d10e8261\BIT1.tmp"
Sat 24 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT2.tmp"
Finished!
"D:\\DOCUME~1\\GAFFOOR\\LOCALS~1\\Temp\\msnmsg.exe"="D:\\DOCUME~1\\GAFFOOR\\LOCALS~1\\Temp\\msnmsg.exe:*:Enabled:MSN Plus"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - D:\DOCUME~1\GAFFOOR\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Thu 5 Apr 2007 4,348 ..SH. --- "D:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 2 Jun 2006 36,352 ...H. --- "D:\Documents and Settings\GAFFOOR\Mes documents\~WRL0001.tmp"
Sat 24 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\7a40be1d5e41517009a903a286bf28bd\BIT32.tmp"
Wed 28 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\825602f548d54de494879712d10e8261\BIT1.tmp"
Sat 24 Nov 2007 0 A..H. --- "D:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT2.tmp"
Finished!
I'm posting a new HijackThis report for you...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:02:40, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ycjkue] D:\Documents and Settings\GAFFOOR\ycjkue.exe
O4 - HKLM\..\Run: [mymxou] D:\Documents and Settings\GAFFOOR\mymxou.exe
O4 - HKLM\..\Run: [sztmah] D:\Documents and Settings\GAFFOOR\sztmah.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://www.commentcamarche.net/forum/' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '
ep44 - 10 Dec. 2007 at 22:36
One more to run :-)
Download to the Desktop:
http://www.atribune.org/ccount/click.php?id=4
=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan takes quite a long time; at the end
=> Click Remove Vundo
=> Then Yes
=> The Desktop disappears for a moment while the files are being deleted.
=> Shutdown message
=> Click OK
=> Automatic restart
=> Copy the report, which is in C:vundofix.txt
Then, once that is done, make a new Hijack report
See you
Here again is the report for Vundo:
VundoFix V6.7.0
Checking Java version...
Java version is 1.5.0.11
Scan started at 22:43:01 10/12/2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:14, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ycjkue] D:\Documents and Settings\GAFFOOR\ycjkue.exe
O4 - HKLM\..\Run: [mymxou] D:\Documents and Settings\GAFFOOR\mymxou.exe
O4 - HKLM\..\Run: [sztmah] D:\Documents and Settings\GAFFOOR\sztmah.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://www.commentcamarche.net/forum/' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://www.commentcamarche.net/forum/' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '
When I right-click => Explore => Local Disk (C:\)
I have two icons that look like cameras: Kamelancien.amv and Sarko encule.amv
I'm waiting for your expert report, Chief! :)
ep44
10 Dec. 2007 at 23:31
Weird, this thing of yours.
Download Combofix sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!
Double-click combofix,
Wait until combofix has finished; a report will be created. Post the report.
Here is the report (a quick question: what do I do with the icons placed on the (C:\) disk, can I delete them?? Because a file with sarkoencule in it is not exactly encouraging)
ComboFix 07-12-09.1 - GAFFOOR 2007-12-10 23:42:01.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.49 [GMT 1:00]
Running from: D:\Documents and Settings\GAFFOOR\Bureau\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))))))))
.
2007-12-10 22:43 . 2007-12-10 22:43 <REP> d-------- D:\VundoFix Backups
2007-12-10 21:48 . 2007-12-10 21:49 <REP> d-------- D:\WINDOWS\ERUNT
2007-12-10 20:22 . 2007-12-10 20:22 <REP> d-------- D:\WINDOWS\system32\ActiveScan
2007-12-10 20:22 . 2007-12-10 20:25 30,590 --a------ D:\WINDOWS\system32\pavas.ico
2007-12-10 20:22 . 2007-12-10 20:25 2,550 --a------ D:\WINDOWS\system32\Uninstall.ico
2007-12-10 20:22 . 2007-12-10 20:25 1,406 --a------ D:\WINDOWS\system32\Help.ico
2007-12-10 20:13 . 2007-09-05 23:22 289,144 --a------ D:\WINDOWS\system32\VCCLSID.exe
2007-12-10 20:13 . 2006-04-27 16:49 288,417 --a------ D:\WINDOWS\system32\SrchSTS.exe
2007-12-10 20:13 . 2003-06-05 20:13 53,248 --a------ D:\WINDOWS\system32\Process.exe
2007-12-10 20:13 . 2004-07-31 17:50 51,200 --a------ D:\WINDOWS\system32\dumphive.exe
2007-12-10 20:13 . 2007-10-03 23:36 25,600 --a------ D:\WINDOWS\system32\WS2Fix.exe
2007-12-10 20:13 . 2007-12-10 20:13 2,970 --a------ D:\WINDOWS\system32\tmp.reg
2007-12-10 15:52 . 2007-12-10 15:52 <REP> d-------- D:\WINDOWS\system32\Kaspersky Lab
2007-12-10 13:07 . 2007-12-10 13:14 <REP> d-------- D:\Program Files\Panda Security
2007-12-10 09:21 . 2007-12-10 11:58 <REP> d-------- D:\WINDOWS\BDOSCAN8
2007-12-09 20:54 . 2007-12-09 20:55 1,222,635 --a------ D:\SDFix.exe
2007-12-09 19:22 . 2007-12-09 19:22 268 --ah----- D:\sqmdata08.sqm
2007-12-09 19:22 . 2007-12-09 19:22 244 --ah----- D:\sqmnoopt08.sqm
2007-12-09 18:12 . 2007-12-09 18:12 268 --ah----- D:\sqmdata07.sqm
2007-12-09 18:12 . 2007-12-09 18:12 244 --ah----- D:\sqmnoopt07.sqm
2007-12-09 10:17 . 2007-12-09 10:17 <REP> d-------- D:\Program Files\Trend Micro
2007-12-06 20:18 . 2007-12-06 20:18 <REP> d-------- D:\Program Files\MP3 Player Utilities 4.00
2007-12-03 18:43 . 2007-12-03 18:43 <REP> d-------- D:\Program Files\MyMPxPlayer.org
2007-12-02 16:11 . 2007-12-02 16:11 <REP> d-------- D:\Program Files\MP3 Player Utilities 4.15
2007-12-02 13:58 . 2007-12-02 14:02 <REP> d-------- D:\Program Files\WinAVI MP4 Converter
2007-12-01 21:07 . 2007-12-01 21:07 <REP> d-------- D:\Program Files\MP3 Player Utilities
2007-11-24 14:47 . 2007-11-24 14:47 <REP> d-------- D:\Program Files\MSXML 4.0
2007-11-24 14:47 . 2004-08-19 16:09 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2007-11-24 14:47 . 2005-06-28 10:21 22,752 --a------ D:\WINDOWS\system32\spupdsvc.exe
2007-11-24 14:46 . 2007-11-24 14:51 <REP> d--h----- D:\WINDOWS\$hf_mig$
2007-11-24 14:45 . 2007-11-24 14:45 268 --ah----- D:\sqmdata06.sqm
2007-11-24 14:45 . 2007-11-24 14:45 244 --ah----- D:\sqmnoopt06.sqm
2007-11-24 14:04 . 2007-10-25 17:56 8,510,976 -----c--- D:\WINDOWS\system32\dllcache\shell32.dll
2007-11-24 14:04 . 2006-08-14 11:34 332,928 -----c--- D:\WINDOWS\system32\dllcache\srv.sys
2007-11-24 14:03 . 2007-02-28 17:02 2,182,400 -----c--- D:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-11-24 14:03 . 2007-02-28 17:02 2,138,112 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-11-24 14:03 . 2007-02-28 17:02 2,059,648 -----c--- D:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-11-24 14:03 . 2007-02-28 17:02 2,017,792 -----c--- D:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-11-24 14:02 . 2006-10-13 13:36 65,536 -----c--- D:\WINDOWS\system32\dllcache\nwwks.dll
2007-11-24 13:59 . 2007-08-22 14:13 1,495,040 -----c--- D:\WINDOWS\system32\dllcache\shdocvw.dll
2007-11-24 13:59 . 2006-08-17 13:29 728,576 -----c--- D:\WINDOWS\system32\dllcache\lsasrv.dll
2007-11-24 13:59 . 2006-08-17 13:29 332,288 -----c--- D:\WINDOWS\system32\dllcache\netapi32.dll
2007-11-24 13:57 . 2007-03-08 16:33 1,843,712 -----c--- D:\WINDOWS\system32\dllcache\win32k.sys
2007-11-24 13:57 . 2007-05-16 16:13 1,314,816 -----c--- D:\WINDOWS\system32\dllcache\msoe.dll
2007-11-24 13:57 . 2007-03-08 16:37 578,560 -----c--- D:\WINDOWS\system32\dllcache\user32.dll
2007-11-24 13:57 . 2007-05-16 16:13 510,976 -----c--- D:\WINDOWS\system32\dllcache\wab32.dll
2007-11-24 13:57 . 2007-06-19 14:32 282,112 -----c--- D:\WINDOWS\system32\dllcache\gdi32.dll
2007-11-24 13:57 . 2007-05-16 16:13 85,504 -----c--- D:\WINDOWS\system32\dllcache\wabimp.dll
2007-11-24 13:56 . 2006-06-01 19:48 163,840 -----c--- D:\WINDOWS\system32\dllcache\jgdw400.dll
2007-11-24 13:56 . 2006-07-21 09:27 72,704 -----c--- D:\WINDOWS\system32\dllcache\hlink.dll
2007-11-24 13:56 . 2006-06-01 19:48 27,648 -----c--- D:\WINDOWS\system32\dllcache\jgpl400.dll
2007-11-24 13:55 . 2006-04-20 12:51 359,808 -----c--- D:\WINDOWS\system32\dllcache\tcpip.sys
2007-11-24 13:53 . 2007-08-21 07:17 683,520 -----c--- D:\WINDOWS\system32\dllcache\inetcomm.dll
2007-11-24 13:52 . 2007-03-09 14:48 57,344 --a--c--- D:\WINDOWS\system32\dllcache\agentdpv.dll
2007-11-24 13:49 . 2006-05-05 10:41 453,120 -----c--- D:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-11-24 13:49 . 2006-05-05 10:47 174,592 -----c--- D:\WINDOWS\system32\dllcache\rdbss.sys
2007-11-24 13:48 . 2007-07-09 14:11 584,192 -----c--- D:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-24 13:42 . 2006-12-07 06:29 2,374,472 -----c--- D:\WINDOWS\system32\dllcache\wmvcore.dll
2007-11-24 13:40 . 2007-01-23 20:31 546,304 -----c--- D:\WINDOWS\system32\dllcache\hhctrl.ocx
2007-11-24 13:27 . 2007-07-30 19:19 38,232 --a------ D:\WINDOWS\system32\wucltui.dll.mui
2007-11-24 13:27 . 2007-07-30 19:20 30,040 --a------ D:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-24 13:27 . 2007-07-30 19:19 30,040 --a------ D:\WINDOWS\system32\wuapi.dll.mui
2007-11-24 13:27 . 2007-07-30 19:18 21,336 --a------ D:\WINDOWS\system32\wuaueng.dll.mui
2007-11-24 10:51 . 2007-09-06 12:09 801,144 --a------ D:\WINDOWS\system32\aswBoot.exe
2007-11-24 10:51 . 2004-01-09 11:13 380,928 --a------ D:\WINDOWS\system32\actskin4.ocx
2007-11-24 10:51 . 2007-09-06 12:00 95,608 --a------ D:\WINDOWS\system32\AvastSS.scr
2007-11-24 10:51 . 2007-09-06 12:05 94,416 --a------ D:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-24 10:51 . 2007-09-06 12:05 92,848 --a------ D:\WINDOWS\system32\drivers\aswmon.sys
2007-11-24 10:51 . 2007-09-06 12:02 42,912 --a------ D:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-24 10:51 . 2007-09-06 12:00 26,624 --a------ D:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-24 10:51 . 2007-09-06 12:03 23,152 --a------ D:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-24 10:51 . 2007-11-24 10:51 268 --ah----- D:\sqmdata05.sqm
2007-11-24 10:51 . 2007-11-24 10:51 244 --ah----- D:\sqmnoopt05.sqm
2007-11-16 16:56 . 2007-11-16 16:57 <REP> d-------- D:\Program Files\PhotoFiltre Studio
2007-11-16 16:56 . 2007-11-16 16:56 45 ---h----- D:\WINDOWS\dsez3403.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-10 22:06 --------- d-----w D:\Documents and Settings\GAFFOOR\Application Data\Skype
2007-12-10 22:06 --------- d-----w D:\Documents and Settings\GAFFOOR\Application Data\OpenOffice.org2
2007-11-19 15:10 --------- d-----w D:\Program Files\eMule
2007-11-03 11:44 --------- d-----w D:\Program Files\Fichiers communs\Adobe
2007-11-02 18:05 --------- d--h--w D:\Program Files\InstallShield Installation Information
2007-11-02 17:59 --------- d-----w D:\Documents and Settings\GAFFOOR\Application Data\Yahoo!
2007-11-02 17:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-02 17:57 --------- d-----w D:\Program Files\Yahoo!
2007-10-25 19:53 --------- d-----w D:\Program Files\Lemennicier
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-03-31 17:02]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-03-23 12:52]
"eMuleAutoStart"="D:\Program Files\eMule\emule.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="D:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-01-05 14:24]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
"TkBellExe"="D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-17 12:44]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"ycjkue"="D:\Documents and Settings\GAFFOOR\ycjkue.exe" []
"mymxou"="D:\Documents and Settings\GAFFOOR\mymxou.exe" []
"sztmah"="D:\Documents and Settings\GAFFOOR\sztmah.exe" []
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Config"="D:\WINDOWS\system32\run.cmd" [2006-02-14 10:24]
"nlsf"="cmd.exe" [2004-08-19 16:09 D:\WINDOWS\system32\cmd.exe]
"tscuninstall"="D:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52]
D:\Documents and Settings\GAFFOOR\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.2.lnk - D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 15:54:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-16 20:34:01 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: D:\WINDOWS\explorer.exe [6.00.2900.3156]
-> D:\DOCUME~1\GAFFOOR\LOCALS~1\Temp\nlbxerrgD285CDE.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 23:43:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 23:44:41
.
--- E O F ---
ep44
11 Dec. 2007 at 00:23
Do these ring a bell?
D:\Documents and Settings\GAFFOOR\sztmah.exe
D:\Documents and Settings\GAFFOOR\mymxou.exe
D:\Documents and Settings\GAFFOOR\ycjkue.exe
If not,
have them analyzed here:
https://www.virustotal.com/gui/
No, that doesn't ring a bell... I tried to run an avast scan; I'm giving you another HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:30, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.exe
D:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\internet explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AudioDeck] D:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] D:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = D:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - http://www.commentcamarche.net/forum/' + OAS_url + 'adstream_nx.ads/' + OAS_sitepage + '/1' + OAS_rns + '@' + OAS_listpos + '!' + pos + OAS_query + '
ep44 (Contributor) - 11 Dec. 2007 at 21:41
Good evening
Select this:
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mymxou"=-
"sztmah"=-
"ycjkue"=-
* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file.
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
+ a new HijackThis log
See you later
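The check that the requested new HijackThis log makes possible, as an added example (not part of ep44's post, and not ComboFix or HijackThis code): it reads the CFScript above and lists any of its targeted Run values that an O4 line still shows. The third sample log line is constructed, and matching on the last key component is an assumption, since HijackThis abbreviates the key path to `..`.

```python
import re

# CFScript copied verbatim from the post above.
CFSCRIPT = r'''registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mymxou"=-
"sztmah"=-
"ycjkue"=-
'''

# Lines 1-2 are copied from the log above; line 3 is constructed to show a surviving entry.
SAMPLE_LOG = r'''O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [sztmah] D:\WINDOWS\system32\example-constructed.exe
'''

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
O4_RE = re.compile(r'^O4 - (HK\w+)(?:\\[^\\]+)?\\\.\.\\(\w+): \[([^\]]+)\] (.*)$')

def parse_cfscript(text):
    """Return {(hive, key_leaf): set of value names marked for deletion ("name"=-)}."""
    targets, key, in_registry = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("::"):                      # section header, e.g. registry::
            in_registry = line.lower() == "registry::"
            key = None
        elif in_registry and line.startswith("[") and line.endswith("]"):
            hive, _, path = line[1:-1].partition("\\")
            # Assumption: compare on the last key component (Run, RunOnce, ...).
            key = (HIVES.get(hive.upper(), hive), path.rsplit("\\", 1)[-1].lower())
        elif in_registry and key:
            m = re.fullmatch(r'"([^"]+)"=-', line)
            if m:
                targets.setdefault(key, set()).add(m.group(1).lower())
    return targets

def parse_o4(log):
    """Yield (hive, key_leaf, value_name, command) for each registry autorun line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower(), m.group(3), m.group(4)

def still_present(cfscript, log):
    """Autorun values the CFScript deletes that the log still lists."""
    targets = parse_cfscript(cfscript)
    return [(h, k, n, c) for h, k, n, c in parse_o4(log)
            if n.lower() in targets.get((h, k), set())]
```

An empty result from `still_present` on the follow-up log means none of the three targeted values is listed under the HKLM Run key any more.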