Virus pub intempestives
marlie78
Messages postés
18
Statut
Membre
-
ep44 Messages postés 7432 Statut Contributeur -
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,
Je n'arrive pas à me débarrasser de ces publicités intempestives. suite à différents conseils glanés sur le forum, j'ai effectué ccleaner, puis avg anti spyware, fait un scan bitdefender en ligne et un rapport highjakthis. Mais je ne sais pas aller plus loin. Est-ce que quelqu'un peut m'aider ? Merci d'avance.
Je joins les 3 rapports :
1.AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:32:20 26/12/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP473\A0163442.dll -> Not-A-Virus.Adware.BHO : Nettoyé.
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP446\A0148133.dll -> Not-A-Virus.Adware.TrafficSol : Nettoyé.
Fin du rapport
2. BitDefender Online Scanner
Scan report generated at: Thu, Dec 27, 2007 - 00:01:03
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time
01:24:13
Files
181829
Folders
4973
Boot Sectors
4
Archives
8543
Packed Files
10025
Results
Identified Viruses
3
Infected Files
3
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
3
Engines Info
Virus Definitions
884349
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Statblasterad.D
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)
Update failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Dropped:Adware.Statblaster.T
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Deleted
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Detected with: Adware.Fotomoto.I
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Disinfection failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Deleted
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)
Update failed
C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll
Clean
C:\WINDOWS\$NtUninstallKB925486$\
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925486$\vgx.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\
Clean
C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\user32.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
Clean
C:\WINDOWS\$NtUninstallKB926255$\
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.txt
Clean
3.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:30, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ECB.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\l?ass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CROSOF~1\nopdb.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0C6FA0-8E4C-D6B1-4A41-A62FF2E5AC96} - (no file)
O2 - BHO: (no name) - {23797386-8754-B0F3-4C86-B520C2B9DDAC} - (no file)
O2 - BHO: (no name) - {2A215FA7-A37F-9281-6771-9F02C0D181AE} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {448B2C63-8FE3-EC4B-FA2D-EA35639BE0F8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {959B6A53-D2B7-A911-BB5A-F98A37F02BC2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B0DEAF38-1285-6A2A-DA5C-39E671870891} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\Run: [03nS3sj] navax13s.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKCU\..\Run: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [Xtxevzci] C:\WINDOWS\system32\l?ass.exe
O4 - HKCU\..\Run: [H042RiH4U] mycrddlg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Eeos] "C:\PROGRA~1\CROSOF~1\nopdb.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mswkork Service] msework.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Je n'arrive pas à me débarrasser de ces publicités intempestives. suite à différents conseils glanés sur le forum, j'ai effectué ccleaner, puis avg anti spyware, fait un scan bitdefender en ligne et un rapport highjakthis. Mais je ne sais pas aller plus loin. Est-ce que quelqu'un peut m'aider ? Merci d'avance.
Je joins les 3 rapports :
1.AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:32:20 26/12/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP473\A0163442.dll -> Not-A-Virus.Adware.BHO : Nettoyé.
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP446\A0148133.dll -> Not-A-Virus.Adware.TrafficSol : Nettoyé.
Fin du rapport
2. BitDefender Online Scanner
Scan report generated at: Thu, Dec 27, 2007 - 00:01:03
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time
01:24:13
Files
181829
Folders
4973
Boot Sectors
4
Archives
8543
Packed Files
10025
Results
Identified Viruses
3
Infected Files
3
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
3
Engines Info
Virus Definitions
884349
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Infected with: Trojan.Statblasterad.D
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Disinfection failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0001
Deleted
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)
Update failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Dropped:Adware.Statblaster.T
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)=>zlib_nsis0002
Deleted
C:\Program Files\WildArcade\BlasterBlocks\blasterblocks_eu.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Detected with: Adware.Fotomoto.I
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Disinfection failed
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)=>lzma_solid_nsis0007
Deleted
C:\System Volume Information\_restore{C397EDB1-F5CA-474F-AFEB-654F70B073B4}\RP450\A0151307.exe=>(NSIS o)=>lzma_nsis0005=>(NSIS o)
Update failed
C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll
Clean
C:\WINDOWS\$NtUninstallKB925486$\
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925486$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925486$\vgx.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\
Clean
C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.txt
Clean
C:\WINDOWS\$NtUninstallKB925902$\spuninst\updspapi.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\user32.dll
Clean
C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
Clean
C:\WINDOWS\$NtUninstallKB926255$\
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.inf
Clean
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.txt
Clean
3.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:30, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ECB.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\l?ass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\CROSOF~1\nopdb.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0C6FA0-8E4C-D6B1-4A41-A62FF2E5AC96} - (no file)
O2 - BHO: (no name) - {23797386-8754-B0F3-4C86-B520C2B9DDAC} - (no file)
O2 - BHO: (no name) - {2A215FA7-A37F-9281-6771-9F02C0D181AE} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {448B2C63-8FE3-EC4B-FA2D-EA35639BE0F8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {959B6A53-D2B7-A911-BB5A-F98A37F02BC2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B0DEAF38-1285-6A2A-DA5C-39E671870891} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\Run: [03nS3sj] navax13s.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [NAV Scan Service] NAVscan32.exe
O4 - HKLM\..\RunServices: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [NAV Scan Service] NAVscan32.exe
O4 - HKCU\..\Run: [mswkork Service] msework.exe
O4 - HKCU\..\Run: [Xtxevzci] C:\WINDOWS\system32\l?ass.exe
O4 - HKCU\..\Run: [H042RiH4U] mycrddlg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Eeos] "C:\PROGRA~1\CROSOF~1\nopdb.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [mswkork Service] msework.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
A voir également:
- Virus pub intempestives
- Supprimer pub youtube - Accueil - Streaming
- Virus mcafee - Accueil - Piratage
- Stop pub gratuit - Télécharger - Divers Utilitaires
- Supprimer la pub - Guide
- Softonic virus ✓ - Forum Virus
57 réponses
Bonsoir à toi
on progresse :-)
je ne sais pas trop pourquoi mais il est difficile de le supprimer
tu vas refaire la manip avec combofix mais cette fois-ci tu copie que ceci
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"=-
et poste le rapport
@+
on progresse :-)
je ne sais pas trop pourquoi mais il est difficile de le supprimer
tu vas refaire la manip avec combofix mais cette fois-ci tu copie que ceci
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"NAV Scan Service"=-
et poste le rapport
@+
OK mais je n'ai apparemment plus de fenêtres pub qui s'ouvrent.
voilà le rapport :
ComboFix 08-01-03.3 - Moi 2008-01-05 22:12:35.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.282 [GMT 1:00]
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Moi\Bureau\CFscript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 22:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 13:53 . 2007-12-31 18:03 369,928 --a------ C:\WINDOWS\system32\perfh040.dat
2007-12-31 13:53 . 2007-12-31 18:03 49,992 --a------ C:\WINDOWS\system32\perfc040.dat
2007-12-29 19:27 . 2008-01-05 22:17 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-28 22:07 . 2007-12-29 22:35 9,259,531 --a------ C:\upload_moi_MARTINE.tar.gz
2007-12-28 21:48 . 2007-12-28 21:58 <REP> d-------- C:\Program Files\Navilog1
2007-12-17 22:06 . 2007-12-17 22:06 <REP> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 21:06 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-01-01 21:05 --------- d-----w C:\Program Files\Google
2007-12-28 21:46 12,620 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 20:51 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36 319488]
"OEM-Reset"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Moi^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\Moi\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-05 21:22:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 22:20:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-01-05 22:24:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 21:24:06
ComboFix2.txt 2008-01-04 20:45:07
ComboFix3.txt 2008-01-03 22:10:09
ComboFix4.txt 2007-12-30 18:44:10
ComboFix5.txt 2007-12-27 21:38:21
.
2007-12-11 21:05:19 --- E O F ---
voilà le rapport :
ComboFix 08-01-03.3 - Moi 2008-01-05 22:12:35.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.282 [GMT 1:00]
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Moi\Bureau\CFscript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 22:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 13:53 . 2007-12-31 18:03 369,928 --a------ C:\WINDOWS\system32\perfh040.dat
2007-12-31 13:53 . 2007-12-31 18:03 49,992 --a------ C:\WINDOWS\system32\perfc040.dat
2007-12-29 19:27 . 2008-01-05 22:17 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-28 22:07 . 2007-12-29 22:35 9,259,531 --a------ C:\upload_moi_MARTINE.tar.gz
2007-12-28 21:48 . 2007-12-28 21:58 <REP> d-------- C:\Program Files\Navilog1
2007-12-17 22:06 . 2007-12-17 22:06 <REP> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 21:06 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-01-01 21:05 --------- d-----w C:\Program Files\Google
2007-12-28 21:46 12,620 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 20:51 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36 319488]
"OEM-Reset"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Moi^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\Moi\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-05 21:22:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 22:20:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-01-05 22:24:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-05 21:24:06
ComboFix2.txt 2008-01-04 20:45:07
ComboFix3.txt 2008-01-03 22:10:09
ComboFix4.txt 2007-12-30 18:44:10
ComboFix5.txt 2007-12-27 21:38:21
.
2007-12-11 21:05:19 --- E O F ---
Bonjour
oups erreur de ma part j'ai oublié de te faire marqué REGEDIT4
toujours présent
tu vas refaire la manip avec ceci
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"=-
"mswkork Service"=-
comme avant tu l'enregistre sur le bloc notes
mais avant de la faire glisser sur l'icone de combofix
tu redémarre ton pc en mode sans échec
et tu le fais glisser une fois en mode sans échec
si ça ne veux pas marcher fait le en mode normal
@+
oups erreur de ma part j'ai oublié de te faire marqué REGEDIT4
toujours présent
tu vas refaire la manip avec ceci
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"=-
"mswkork Service"=-
comme avant tu l'enregistre sur le bloc notes
mais avant de la faire glisser sur l'icone de combofix
tu redémarre ton pc en mode sans échec
et tu le fais glisser une fois en mode sans échec
si ça ne veux pas marcher fait le en mode normal
@+
Bonjour,
Voilà le rapportfait en mode sans échec :
ComboFix 08-01-03.3 - Moi 2008-01-06 18:49:50.7 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.376 [GMT 1:00]
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Moi\Bureau\CFScript.txt.txt
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 22:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 13:53 . 2007-12-31 18:03 369,928 --a------ C:\WINDOWS\system32\perfh040.dat
2007-12-31 13:53 . 2007-12-31 18:03 49,992 --a------ C:\WINDOWS\system32\perfc040.dat
2007-12-29 19:27 . 2008-01-06 18:56 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-28 22:07 . 2007-12-29 22:35 9,259,531 --a------ C:\upload_moi_MARTINE.tar.gz
2007-12-28 21:48 . 2007-12-28 21:58 <REP> d-------- C:\Program Files\Navilog1
2007-12-17 22:06 . 2007-12-17 22:06 <REP> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 21:06 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-01-01 21:05 --------- d-----w C:\Program Files\Google
2007-12-28 21:46 12,620 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 20:51 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
2005-09-02 21:05 10,834,615 ----a-w C:\WINDOWS\Internet Logs\GLBF_2nd_2005_09_02_18_56_06.dmp.zip
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36 319488]
"OEM-Reset"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Moi^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\Moi\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-28 18:15]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-03 18:36]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-30 17:05]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-10 16:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-06 17:57:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 18:57:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-01-06 19:00:25 - machine was rebooted [Moi]
ComboFix-quarantined-files.txt 2008-01-06 17:59:55
ComboFix2.txt 2008-01-05 21:24:32
ComboFix3.txt 2008-01-04 20:45:07
ComboFix4.txt 2008-01-03 22:10:09
ComboFix5.txt 2007-12-30 18:44:10
.
2007-12-11 21:05:19 --- E O F ---
Voilà le rapportfait en mode sans échec :
ComboFix 08-01-03.3 - Moi 2008-01-06 18:49:50.7 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.376 [GMT 1:00]
Running from: C:\Documents and Settings\Moi\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Moi\Bureau\CFScript.txt.txt
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-06 to 2008-01-06 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 22:36 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 13:53 . 2007-12-31 18:03 369,928 --a------ C:\WINDOWS\system32\perfh040.dat
2007-12-31 13:53 . 2007-12-31 18:03 49,992 --a------ C:\WINDOWS\system32\perfc040.dat
2007-12-29 19:27 . 2008-01-06 18:56 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-12-28 22:07 . 2007-12-29 22:35 9,259,531 --a------ C:\upload_moi_MARTINE.tar.gz
2007-12-28 21:48 . 2007-12-28 21:58 <REP> d-------- C:\Program Files\Navilog1
2007-12-17 22:06 . 2007-12-17 22:06 <REP> d-------- C:\Documents and Settings\Moi\Application Data\Grisoft
2007-12-17 22:05 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 21:06 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-01-01 21:05 --------- d-----w C:\Program Files\Google
2007-12-28 21:46 12,620 ----a-w C:\Documents and Settings\Moi\Application Data\wklnhst.dat
2007-12-03 17:36 87,952 ------w C:\WINDOWS\system32\drivers\bdfndisf.sys
2007-11-25 09:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-23 20:51 --------- d-----w C:\Program Files\Trend Micro
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 20:51 --------- d-----w C:\Program Files\Common Files
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-01-02 09:44 60,800 ----a-w C:\Documents and Settings\Moi\Application Data\GDIPFONTCACHEV1.DAT
2006-06-01 17:17 1,683,871 ----a-w C:\Program Files\photofiltre_photofiltre_6.2.5_francais_10731.exe
2005-12-13 14:37 200,704 ----a-w C:\Program Files\ECB.exe
2005-12-13 14:37 117 ----a-w C:\Program Files\Config.ini
2005-09-02 21:05 10,834,615 ----a-w C:\WINDOWS\Internet Logs\GLBF_2nd_2005_09_02_18_56_06.dmp.zip
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}
[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 16:06 406016]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-12-03 18:36 319488]
"OEM-Reset"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"="NAVscan32.exe" []
"mswkork Service"="msework.exe" []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^FotoStation Easy AutoLaunch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\FotoStation Easy AutoLaunch.lnk
backup=C:\WINDOWS\pss\FotoStation Easy AutoLaunch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WD Backup Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WD Backup Monitor.lnk
backup=C:\WINDOWS\pss\WD Backup Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Moi^Menu Démarrer^Programmes^Démarrage^wkcalrem.LNK]
path=C:\Documents and Settings\Moi\Menu Démarrer\Programmes\Démarrage\wkcalrem.LNK
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-03 22:10 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
R1 bdftdif;bdftdif;C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-28 18:15]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-12-03 18:36]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-09-30 17:05]
S2 FILESpy;FILESpy;C:\Program Files\Softwin\BitDefender9\filespy.sys []
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-10 16:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{41878ed0-6611-11dc-8c8b-000272b00026}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-06 17:57:04 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 18:57:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-01-06 19:00:25 - machine was rebooted [Moi]
ComboFix-quarantined-files.txt 2008-01-06 17:59:55
ComboFix2.txt 2008-01-05 21:24:32
ComboFix3.txt 2008-01-04 20:45:07
ComboFix4.txt 2008-01-03 22:10:09
ComboFix5.txt 2007-12-30 18:44:10
.
2007-12-11 21:05:19 --- E O F ---
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
bonsoir marlie
j'ai besoin d'aide pour ton sujet
car une chose m'échappe et je n'arrive pas à la saisir
je te contacte un peu plus tard
@+ ;-)
j'ai besoin d'aide pour ton sujet
car une chose m'échappe et je n'arrive pas à la saisir
je te contacte un peu plus tard
@+ ;-)
Ouvre le bloc-notes et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait) :
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"=-
"mswkork Service"=-
Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
L'icône de fix.reg doit ressembler à cela
quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
ensuite un nouveau rapport hijack stp
@+
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"NAV Scan Service"=-
"mswkork Service"=-
Puis "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"
L'icône de fix.reg doit ressembler à cela
quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
ensuite un nouveau rapport hijack stp
@+
Voilà le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:07, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:07, on 06/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
YES !!!!
maintenant Fais un scan antivirus en ligne avec Internet Explorer
https://www.bitdefender.fr/
=> En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
=> Dans la nouvelle fenêtre, clique sur I agree
=> La fenêtre change encore, clique sur Click here to scan
=> Les signatures se chargent, etc.
=> copie colle le résultat ici
tuto en image
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
@+
maintenant Fais un scan antivirus en ligne avec Internet Explorer
https://www.bitdefender.fr/
=> En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
=> Dans la nouvelle fenêtre, clique sur I agree
=> La fenêtre change encore, clique sur Click here to scan
=> Les signatures se chargent, etc.
=> copie colle le résultat ici
tuto en image
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
@+
bonsoir,
je trouve ton message ce soir seulement, je n"étais pas chez moi. Je lance le scan et te poste le rapport dès que possible.
A+ et merci.
je trouve ton message ce soir seulement, je n"étais pas chez moi. Je lance le scan et te poste le rapport dès que possible.
A+ et merci.
Cette fois, je crois que c'est gagné !!! Encore merci pour tout le temps que tu as consacré à mon problème.
Voici le rapport :
BitDefender Online Scanner
Scan report generated at: Mon, Jan 07, 2008 - 23:05:12
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time
01:47:23
Files
181704
Folders
4888
Boot Sectors
4
Archives
8490
Packed Files
10160
Results
Identified Viruses
0
Infected Files
0
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
0
Engines Info
Virus Definitions
885677
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
No virus found.
Voici le rapport :
BitDefender Online Scanner
Scan report generated at: Mon, Jan 07, 2008 - 23:05:12
Scan path: C:\;D:\;E:\;F:\;
Statistics
Time
01:47:23
Files
181704
Folders
4888
Boot Sectors
4
Archives
8490
Packed Files
10160
Results
Identified Viruses
0
Infected Files
0
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
0
Engines Info
Virus Definitions
885677
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
No virus found.
Voila ce que tu m'as demandé :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:41, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:41, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u1-windows-i586-jc.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.wisup.net/album-photo/wistiti/Upload/ImageUploader35.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
je ne vois plus rien sur ton rapport
je pense que ton soucis est résolu
pour finir Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier
ensuite fais ceci (IMPORTANT)
=> démarrer
=> panneau de configuration
=> système
=> onglet Restauration système
=> coche la case (Désactiver la restauration système)
=> redémarre l'ordinateur
=> réactive la ensuite
----------------------------------------
ensuite
Logiciels intéressants a avoir
=>CCleaner
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tuto
https://forums.cnetfrance.fr
=> Ad-aware SE (scan passif )
https://www.google.com ou http://www.lavasoft.de/support/download/#free
Tutos :
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
=> SpyBot-Search & Destroy 1.5 (scan passif + protection préventive avec ces 2 résidents, ses vaccinations et sa list Hosts )
https://www.safer-networking.org/download/
démo d utilisation
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tuto :
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm
=> a² free (anti-trojans) (scan passif )
- Téléchargement : https://www.emsisoft.com/fr/home/antimalware/
- Tuto : http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm
=> ZebProtect (application ne nécessitant pas d installation)
https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
http://telechargement.zebulon.fr/123.html
-------------------------------
bon courage à toi pour la suite
et bone chance
;-)
@+
je pense que ton soucis est résolu
pour finir Tu peux supprimer tous les logiciels que nous avons utilisés
va dans ajout/suppression de programes et dans programmes files
pour vérifier
ensuite fais ceci (IMPORTANT)
=> démarrer
=> panneau de configuration
=> système
=> onglet Restauration système
=> coche la case (Désactiver la restauration système)
=> redémarre l'ordinateur
=> réactive la ensuite
----------------------------------------
ensuite
Logiciels intéressants a avoir
=>CCleaner
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
tuto
https://forums.cnetfrance.fr
=> Ad-aware SE (scan passif )
https://www.google.com ou http://www.lavasoft.de/support/download/#free
Tutos :
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
=> SpyBot-Search & Destroy 1.5 (scan passif + protection préventive avec ces 2 résidents, ses vaccinations et sa list Hosts )
https://www.safer-networking.org/download/
démo d utilisation
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tuto :
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm
=> a² free (anti-trojans) (scan passif )
- Téléchargement : https://www.emsisoft.com/fr/home/antimalware/
- Tuto : http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm
=> ZebProtect (application ne nécessitant pas d installation)
https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
http://telechargement.zebulon.fr/123.html
-------------------------------
bon courage à toi pour la suite
et bone chance
;-)
@+
