InfectionVundo et autres

Résolu
nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   -  
^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour à tous.
Je me permets de demander de l'aide. Mon PC rame de plus en plus, bien que j'essaie de le nettoyer depuis hier avec spybot, ccleaner...
Avast ne semble plus guère fonctionner malgres la reinstallation et un scan en ligne avec bitdefender me trouve au moins 4 virus (vundo.d, agent AFSZ..) dont un dans avast!!!

Un rapport Hijackthis analysé en ligne me signalait quelques problème que j'ai résolu mais je suis toujours infesté.
Quelque fois mon bureau disparait et Avast de mnde toujours à redemarrer le système.

Merci de votre aide
Configuration: Windows XP
Internet Explorer 7.0

29 réponses

  • 1
  • 2
  1. internetasso Messages postés 1054 Date d'inscription   Statut Membre Dernière intervention   177
     
    refais un rapport et post le
    0
  2. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Voilà

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:25:55, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\taskswitch .exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Windows Media Player\WMPNSCFG .exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\geedd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    0
  3. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Slt

    Fais un clic droit sur hijackthis,

    choisis "renommer" marque : ► tu écris ► PROUT.exe
    Puis remet un rapport stp
    0
  4. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Et voici mon prout..

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:31:58, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\taskswitch .exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Windows Media Player\WMPNSCFG .exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\geedd.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Tu l'as renommé ???
    Pourquoi t'as pas écrit ""prout"" ???

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    * Double-clique VundoFix.exe afin de le lancer.
    * Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
    * Clique sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
    * Démarre ton PC à nouveau.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse

    ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    0
  7. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Ok merci, vundofix est en route..
    Au fait, je 'ai bien renommé pout!!
    A+
    0
  8. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Voila les rapport. J'ai eu un petit soucis, mon ordi a planté au redemarage apres vundofix et j'ai un message : C:\WINDOWS\system32\mqexyefu.dll est introuvable?

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 11:37:47 29/12/2007

    Listing files found while scanning....

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 16:38:33 29/12/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\chlxelth.dll
    C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\ddeeg.ini2
    C:\WINDOWS\system32\fcccyvv.dll
    C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.exe
    C:\WINDOWS\system32\mqexyefu.dll
    C:\WINDOWS\system32\pmnopmn.dll
    C:\WINDOWS\system32\qomkllm.dll
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\urqonlj.dll
    C:\WINDOWS\system32\xxyaxya.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\chlxelth.dll
    C:\WINDOWS\system32\chlxelth.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddeeg.ini
    C:\WINDOWS\system32\ddeeg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddeeg.ini2
    C:\WINDOWS\system32\ddeeg.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fcccyvv.dll
    C:\WINDOWS\system32\fcccyvv.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\geedd.dll
    C:\WINDOWS\system32\geedd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\geedd.exe
    C:\WINDOWS\system32\geedd.exe Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mqexyefu.dll
    C:\WINDOWS\system32\mqexyefu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnopmn.dll
    C:\WINDOWS\system32\pmnopmn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomkllm.dll
    C:\WINDOWS\system32\qomkllm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\taskswitch.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\urqonlj.dll
    C:\WINDOWS\system32\urqonlj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyaxya.dll
    C:\WINDOWS\system32\xxyaxya.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.11

    Scan started at 17:35:42 29/12/2007

    Listing files found while scanning....

    [12/29/2007, 17:45:29] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\claude\Bureau\VirtumundoBeGone.exe" )
    [12/29/2007, 17:45:32] - Detected System Information:
    [12/29/2007, 17:45:32] - Windows Version: 5.1.2600, Service Pack 2
    [12/29/2007, 17:45:32] - Current Username: claude (Admin)
    [12/29/2007, 17:45:32] - Windows is in NORMAL mode.
    [12/29/2007, 17:45:32] - Searching for Browser Helper Objects:
    [12/29/2007, 17:45:32] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [12/29/2007, 17:45:32] - BHO 2: {24979561-033f-4428-aed5-bca0c28c79fc} ()
    [12/29/2007, 17:45:32] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/29/2007, 17:45:32] - Checking for HKLM\...\Winlogon\Notify\chlxelth
    [12/29/2007, 17:45:32] - Key not found: HKLM\...\Winlogon\Notify\chlxelth, continuing.
    [12/29/2007, 17:45:32] - BHO 3: {276E41DC-3D65-466D-902B-22954CD04961} ()
    [12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\geedd
    [12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\geedd, continuing.
    [12/29/2007, 17:45:33] - BHO 4: {2B3CBDC2-8AB6-45B1-B59E-7B0DEE595917} ()
    [12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\fcccyvv
    [12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\fcccyvv, continuing.
    [12/29/2007, 17:45:33] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} ()
    [12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [12/29/2007, 17:45:33] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [12/29/2007, 17:45:33] - BHO 7: {8D59C37A-704E-4A73-B86B-88C3757A9E9B} ()
    [12/29/2007, 17:45:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/29/2007, 17:45:33] - Checking for HKLM\...\Winlogon\Notify\jkkli
    [12/29/2007, 17:45:33] - Key not found: HKLM\...\Winlogon\Notify\jkkli, continuing.
    [12/29/2007, 17:45:33] - Finished Searching Browser Helper Objects
    [12/29/2007, 17:45:33] - Finishing up...
    [12/29/2007, 17:45:33] - Nothing found! Exiting...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:52:40, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\taskswitch .exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\Program Files\Windows Media Player\WMPNSCFG .exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\mqexyefu.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    0
  9. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Pour la DLL, j'ai réglé le problème. J'ai lu sur le forum que cela pouvait être un résidu de virus, alors je l'ai supprimé dans le registre.
    0
  10. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    télécharge combofix (par sUBs)ici :
    Combofix est un programme qui supprime des trojans/backdoor connues et rootkits
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    et enregistre le sur le bureau.

    2 double-clique sur combofix.exe et suis les instructions

    3 à la fin, il va produire un rapport C:\ComboFix.txt

    4 copie/colle ce rapport dans ta prochaine réponse.

    Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

    Poste aussi un nouveau rapport Hijackthis.
    0
  11. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Voici les rapports

    ComboFix 07-12-21.4 - claude 2007-12-29 19:57:46.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.142 [GMT 1:00]
    Running from: C:\Documents and Settings\claude\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Downloaded Program Files\rave
    C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
    C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
    C:\WINDOWS\Downloaded Program Files\rave\base.vdm
    C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
    C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
    C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
    C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
    C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
    C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
    C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
    C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
    C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
    C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
    C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
    C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
    C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
    C:\WINDOWS\Fonts\a.zip
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\Fonts\Crack.exe
    C:\WINDOWS\system32\fcccyvv.dll
    C:\WINDOWS\system32\ilkkj.ini
    C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\jkkli.dll
    C:\WINDOWS\system32\SysPr.prx

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_M_HOOK
    -------\LEGACY_NWSAPAGENT

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-29 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-29 20:30 . 2007-12-29 20:30 319 --ahs---- C:\WINDOWS\system32\ilkkj.ini
    2007-12-29 20:28 . 2007-12-29 20:28 344,576 --------- C:\WINDOWS\system32\jkkli.dll
    2007-12-29 17:40 . 2007-12-29 20:29 348,160 --a------ C:\WINDOWS\system32\jkkli.exe
    2007-12-29 14:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-29 14:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2007-12-29 14:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-29 14:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-29 11:37 . 2007-12-29 17:35 <REP> d----c--- C:\VundoFix Backups
    2007-12-29 10:22 . 2007-12-29 10:22 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-29 10:00 . 2007-12-29 16:02 1,031,458 ---hs---- C:\WINDOWS\system32\ufeyxeqm.ini
    2007-12-27 22:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-12-27 22:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-27 22:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-27 22:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-27 22:38 . 2007-12-27 22:38 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-27 22:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-12-27 22:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-27 22:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-27 22:36 . 2007-12-27 22:36 18,764,248 --a------ C:\Program Files\setupfre.exe
    2007-12-27 17:57 . 2007-12-29 18:35 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-27 06:51 . 2007-12-29 20:28 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
    2007-12-26 21:47 . 2007-12-26 21:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-12-10 21:46 . 2007-12-10 21:46 6,688 --a------ C:\WINDOWS\movexe.exe
    2007-12-10 21:45 . 2007-12-10 21:47 <REP> d----c--- C:\Accord
    2007-12-09 15:52 . 2007-12-24 16:05 <REP> d-------- C:\Program Files\TubeMaster
    2007-12-04 14:52 . 2007-12-04 14:52 <REP> d-------- C:\Documents and Settings\Administrateur.CLAUDE-6E5OYUA3\Application Data\Lavasoft
    2007-11-30 16:22 . 2007-11-30 16:22 <REP> d-------- C:\Documents and Settings\NetworkService\Mes documents

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-29 17:35 393,728 ----a-w C:\WINDOWS\system32\taskswitch.exe
    2007-12-29 09:21 839,687 ----a-w C:\WINDOWS\Fonts\svchost .exe
    2007-12-29 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-28 00:34 --------- d-----w C:\Program Files\QuickTime
    2007-12-24 15:41 --------- d-----w C:\Program Files\Navilog1
    2007-12-11 21:03 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
    2007-12-05 20:37 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\eerd
    2007-12-04 13:49 --------- d-----w C:\Program Files\VirtualDJ
    2007-12-01 07:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-01 07:45 --------- d-----w C:\Program Files\Digidesign
    2007-12-01 07:44 --------- d-----w C:\Program Files\Fichiers communs\Digidesign
    2007-11-27 15:13 --------- d-----w C:\Program Files\Fichiers communs\PACE Anti-Piracy
    2007-11-27 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2007-11-26 17:39 --------- d-----w C:\Documents and Settings\claude\Application Data\Canon
    2007-11-25 17:19 --------- d-----w C:\Program Files\Acoustica Beatcraft
    2007-11-25 17:07 --------- d-----w C:\Program Files\Acoustica Shared Effects
    2007-11-25 16:19 --------- d-----w C:\Program Files\Sony Setup
    2007-11-25 14:35 --------- d-----w C:\Program Files\VstPlugins
    2007-11-25 14:34 --------- d-----w C:\Program Files\Image-Line
    2007-11-24 22:48 --------- d-----w C:\Program Files\Power Tab Software
    2007-11-15 21:14 --------- d-----w C:\Documents and Settings\claude\Application Data\Sibelius Software
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
    2007-11-15 21:09 --------- d-----w C:\Program Files\Sibelius Software
    2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-10 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-03 17:06 --------- d-----w C:\Documents and Settings\claude\Application Data\SolidDocuments
    2007-11-01 14:40 --------- d-----w C:\Program Files\TablEdit
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-28 22:40 --------- d-----w C:\Program Files\Real Alternative
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-20 19:32 4,981,232 ----a-w C:\Program Files\camfrog.exe
    2007-10-14 15:33 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
    2007-10-12 08:40 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-10-12 08:40 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-10-12 08:38 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
    2007-10-12 08:38 267,845 ----a-w C:\WINDOWS\Tsc.exe
    2007-09-15 07:50 59,656 ----a-w C:\Documents and Settings\claude\Application Data\GDIPFONTCACHEV1.DAT
    2007-06-16 14:55 412,303 ----a-w C:\Program Files\GSpot270a-fr-Colok.zip
    2007-03-14 21:37 5,397,560 ----a-w C:\Program Files\VOFR230FOGTB6.EXE
    2007-03-08 20:17 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
    2007-01-21 17:52 59,272 ----a-w C:\Documents and Settings\lucas\Application Data\GDIPFONTCACHEV1.DAT
    2007-01-20 07:53 5,063,192 ----a-w C:\Program Files\cfc.exe
    2007-01-11 13:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
    2006-11-19 15:53 47,360 ----a-w C:\Documents and Settings\claude\Application Data\pcouffin.sys
    2006-10-28 08:34 359,112 ----a-w C:\Program Files\LimeWireWin.exe
    2006-09-13 20:01 10,162,173 ----a-w C:\Program Files\SN-510.exe
    2006-08-26 13:49 26,892 ----a-w C:\Program Files\torbutton-1.0.4-fx+tb.xpi
    2006-08-26 11:38 326,263 ----a-w C:\Program Files\spell-fr-FR.xpi
    2006-04-30 05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
    2006-03-30 16:09 3,643 -c--a-w C:\Program Files\ads_err.dbf
    2006-03-03 10:32 237,568 ----a-w C:\Program Files\ispare.exe
    2005-10-31 15:56 700,416 -c--a-w C:\Program Files\StubInstaller.exe
    2005-09-22 05:06 1,076,480 -c--a-w C:\Program Files\setupfr.exe
    2005-06-02 18:45 14,896 -c--a-w C:\Program Files\MACDR005.CST
    2005-01-02 10:44 8,192 ----a-w C:\Program Files\Signatures.reg
    2005-01-02 10:44 49,152 ----a-w C:\Program Files\Expblock.reg
    2005-01-02 10:44 24,576 ----a-w C:\Program Files\MailRules.reg
    2004-11-01 17:00 106,240 -c--a-w C:\Program Files\Windows-KB870669-x86-ENU.exe
    2004-10-03 15:55 352,032 -c--a-w C:\Program Files\WindowsXP-KB822603-x86-FRA.exe
    2004-08-04 11:17 1,128,203 -c--a-w C:\Program Files\dvdshrink32setup_FR.exe
    2004-07-08 19:58 884,390 ----a-w C:\Program Files\bootvis1337fr.exe
    2004-04-15 06:34 1,089,660 -c--a-w C:\Program Files\data256.dbb
    2004-03-13 18:07 381,012 ----a-w C:\Program Files\plmessengerctrl.exe
    2004-03-13 07:23 389,376 -c--a-w C:\Program Files\Q831167.exe
    2004-02-22 10:42 39 -c--a-w C:\Program Files\CTJINI.INI
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24979561-033f-4428-aed5-bca0c28c79fc}]
    C:\WINDOWS\system32\chlxelth.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{276E41DC-3D65-466D-902B-22954CD04961}]
    C:\WINDOWS\system32\geedd.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6624506A-9F64-4983-9E41-23441CCCC0F8}]
    2007-12-29 20:28 344576 --------- C:\WINDOWS\system32\jkkli.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-12-29 18:35]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
    "CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2007-12-29 18:35]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" []
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 C:\WINDOWS\system32\bthprops.cpl]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-29 20:29]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
    "NVIDIA Video drivers"="video_32sD.exe" []
    "NAV Scan Service"="NAVscan32.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\jkkli.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claude^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
    backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
    1998-10-28 11:09 44032 --a------ C:\Program Files\Caere\OmniPagePro90\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-26 20:44]
    R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
    S2 CoachCap;Concord EyeQ Duo LCD USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
    S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-02-10 12:06]
    S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-02-10 12:06]
    S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-02-10 12:06]
    S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-02-10 12:06]
    S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-02-10 12:06]

    *Newly Created Service* - DOMAINSERVICE
    *Newly Created Service* - NWSAPAGENT
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 20:30:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\System32\NavLogon.dll

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\WINDOWS\system32\jkkli.dll
    -> C:\Program Files\WIDCOMM\Logiciel Bluetooth\btkeyind.dll
    .
    Completion time: 2007-12-29 20:34:14 - machine was rebooted
    .
    2007-12-12 07:03:44 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:35:34, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\taskswitch.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\taskswitch .exe
    C:\Program Files\Windows Media Player\WMPNSCFG .exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\wlxwanul.exe (file missing)
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    0
  12. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Fais un clic droit sur hijackthis,

    choisis "renommer" marque :► tu écris ► PROUT.exe
    Il faut impérativement que les lignes 02 apparaissent, sinon c'est pas bon

    Puis remet un rapport stp

    Pourquoi renommer HT

    Parce que qu'il semble que les infections Vundo aient la particularité de se "cacher"
    à la détection de HJT proprement dite ou à son analyse : la modification du nom de l'exe pallie ce problème...
    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    0
  13. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Je suis au bureau actuellement. je fais tout ça cet aprés midi à la maison.
    Merci de ton aide
    0
    1. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
       
      ok
      0
  14. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Voici le rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:00:49, on 31/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\safbhjna.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp .exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\WINDOWS\system32\ctfmon .exe
    C:\Program Files\Windows Media Player\WMPNSCFG .exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\prout\prout.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {0FF6578E-A869-4A1B-8CB3-701FFC637508} - C:\WINDOWS\system32\jkkli.dll
    O2 - BHO: (no name) - {168EDE18-EC13-4922-8CDA-BD284F90F673} - C:\WINDOWS\system32\jkkli.dll
    O2 - BHO: (no name) - {276E41DC-3D65-466D-902B-22954CD04961} - (no file)
    O2 - BHO: {ab2bd84d-dcb7-285b-3264-82b02776f005} - {500f6772-0b28-4623-b582-7bcdd48db2ba} - C:\WINDOWS\system32\ulmfnfbc.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [105d73d6] rundll32.exe "C:\WINDOWS\system32\usiyftuo.dll",b
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\safbhjna.exe
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    0
  15. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    C'est normal pour bitdefender

    A)- Pour cette ligne
    O23 - Service: DomainService - - C:\WINDOWS\system32\safbhjna.exe
    Vas dans le menu « Démarrer » , « Exécuter » et tu fais un copier/coller de services.msc
    dans la lucarne de saisie.
    Valide par [OK]
    La fenêtre des Services s'ouvre => vérifier dans la partie inférieure que l'onglet "Etendu" est bien sélectionné,
    sinon faites-le.
    Cherche le service suivant: DomainService et double-clique dessus.
    Une nouvelle fenêtre "Propriétés" s'ouvre alors : < https://www.zebulon.fr/images/dossiers/propriete.gif >
    -dans le champ"Status du service" mets-le sur "arrêté"
    -dans le champ"Type de démarrage" mets-le sur "désactivé"
    -puis clique sur "Appliquer" puis"ok"
    -Quitte les services.

    Refais un ComboFix dans la foulée

    Refais un Combofix
    stp
    0
  16. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Et voili

    ComboFix 07-12-21.4 - claude 2007-12-31 16:49:22.3 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT 1:00]
    Running from: C:\Documents and Settings\claude\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\ilkkj.ini
    C:\WINDOWS\system32\ilkkj.ini2
    C:\WINDOWS\system32\jkkli.dll
    C:\WINDOWS\system32\outfyisu.ini
    C:\WINDOWS\system32\safbhjna.exe
    C:\WINDOWS\system32\ulmfnfbc.dll
    C:\WINDOWS\system32\usiyftuo.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_M_HOOK
    -------\DomainService

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-31 12:26 . 2007-12-31 16:49 348,160 --a------ C:\WINDOWS\system32\jkkli.exe
    2007-12-30 22:51 . 2007-10-12 09:38 38,118,973 --a------ C:\WINDOWS\LPT$VPN.771
    2007-12-30 22:49 . 2007-12-30 22:49 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-12-30 11:55 . 2007-12-30 11:55 <REP> d-------- C:\Program Files\Ashampoo
    2007-12-30 10:46 . 2007-12-30 10:46 167 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
    2007-12-29 14:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2007-12-29 14:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
    2007-12-29 14:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-12-29 14:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-12-29 11:37 . 2007-12-31 09:10 <REP> d----c--- C:\VundoFix Backups
    2007-12-29 10:22 . 2007-12-31 15:00 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-29 10:00 . 2007-12-29 16:02 1,031,458 ---hs---- C:\WINDOWS\system32\ufeyxeqm.ini
    2007-12-27 22:39 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-12-27 22:39 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-27 22:39 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-27 22:39 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-27 22:38 . 2007-12-27 22:38 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-27 22:38 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-12-27 22:38 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-27 22:38 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-27 22:36 . 2007-12-27 22:36 18,764,248 --a------ C:\Program Files\setupfre.exe
    2007-12-27 17:57 . 2007-12-31 07:12 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2007-12-27 06:51 . 2007-12-29 22:13 45,632 --a------ C:\WINDOWS\system32\taskswitch .exe
    2007-12-26 21:47 . 2007-12-26 21:47 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-12-10 21:46 . 2007-12-10 21:46 6,688 --a------ C:\WINDOWS\movexe.exe
    2007-12-10 21:45 . 2007-12-10 21:47 <REP> d----c--- C:\Accord
    2007-12-09 15:52 . 2007-12-24 16:05 <REP> d-------- C:\Program Files\TubeMaster
    2007-12-04 14:52 . 2007-12-04 14:52 <REP> d-------- C:\Documents and Settings\Administrateur.CLAUDE-6E5OYUA3\Application Data\Lavasoft
    2007-11-30 16:22 . 2007-11-30 16:22 <REP> d-------- C:\Documents and Settings\NetworkService\Mes documents
    2007-11-27 16:41 . 2004-10-08 00:42 577,536 --a------ C:\WINDOWS\system32\DSI.dll
    2007-11-27 16:41 . 2004-10-08 01:06 90,112 --a------ C:\WINDOWS\system32\WinMMFix.dll
    2007-11-27 16:41 . 2004-10-08 00:39 15,872 --a------ C:\WINDOWS\system32\KeyFilter.dll
    2007-11-27 16:41 . 2002-10-31 16:33 3,478 --a------ C:\WINDOWS\system32\digicoin.dll
    2007-11-27 16:40 . 2004-10-08 00:54 892,928 --a------ C:\WINDOWS\system32\DirectIO.dll
    2007-11-27 16:40 . 2004-10-08 00:54 74,240 --a------ C:\WINDOWS\system32\drivers\Dalwdm.sys
    2007-11-27 16:15 . 2007-11-27 16:15 <REP> d----c--- C:\Digidesign Databases
    2007-11-27 16:13 . 2007-11-27 16:13 <REP> d-------- C:\Program Files\Fichiers communs\PACE Anti-Piracy
    2007-11-27 16:13 . 2007-11-27 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
    2007-11-27 16:07 . 2003-11-06 11:19 540,672 --a------ C:\WINDOWS\system32\ilinet.dll
    2007-11-27 16:07 . 2003-11-06 12:04 68,320 --a------ C:\WINDOWS\system32\drivers\TPkd.sys
    2007-11-27 16:07 . 2003-07-07 13:26 26,541 --a------ C:\WINDOWS\system32\drivers\iLokDrvr.sys
    2007-11-27 16:02 . 2001-06-27 10:13 217,088 --a------ C:\WINDOWS\system32\qtmlClient.dll
    2007-11-27 16:01 . 2007-12-01 08:44 <REP> d-------- C:\Program Files\Fichiers communs\Digidesign
    2007-11-27 16:01 . 2007-12-01 08:45 <REP> d-------- C:\Program Files\Digidesign
    2007-11-25 18:07 . 2007-11-25 18:07 <REP> d-------- C:\Program Files\Acoustica Shared Effects
    2007-11-25 18:07 . 2007-11-25 18:19 <REP> d-------- C:\Program Files\Acoustica Beatcraft
    2007-11-25 17:19 . 2007-11-25 17:19 <REP> d-------- C:\Program Files\Sony Setup
    2007-11-24 18:18 . 2007-11-25 15:35 <REP> d-------- C:\Program Files\VstPlugins
    2007-11-24 18:18 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2007-11-24 18:18 . 2003-04-07 12:07 217,088 -ra------ C:\WINDOWS\system32\rewire.dll
    2007-11-24 18:16 . 2007-11-25 15:34 <REP> d-------- C:\Program Files\Image-Line
    2007-11-24 17:56 . 2007-11-24 23:48 <REP> d-------- C:\Program Files\Power Tab Software
    2007-11-23 15:23 . 2004-10-01 14:44 44,003 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
    2007-11-15 22:14 . 2007-11-15 22:14 <REP> d-------- C:\Documents and Settings\claude\Application Data\Sibelius Software
    2007-11-15 22:09 . 2007-11-15 22:09 <REP> d-------- C:\Program Files\Sibelius Software

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-31 11:32 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-29 09:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-28 00:34 --------- d-----w C:\Program Files\QuickTime
    2007-12-11 21:03 --------- d-----w C:\Program Files\Mp3 My Mp3 2.0
    2007-12-05 20:37 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\eerd
    2007-12-04 13:49 --------- d-----w C:\Program Files\VirtualDJ
    2007-12-01 07:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-26 17:39 --------- d-----w C:\Documents and Settings\claude\Application Data\Canon
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
    2007-11-15 21:09 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
    2007-11-13 10:25 20,480 ----a-r C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-10 10:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-03 17:06 --------- d-----w C:\Documents and Settings\claude\Application Data\SolidDocuments
    2007-11-01 14:40 --------- d-----w C:\Program Files\TablEdit
    2007-10-28 22:40 --------- d-----w C:\Program Files\Real Alternative
    2007-10-20 19:32 4,981,232 ----a-w C:\Program Files\camfrog.exe
    2007-10-14 15:33 45,056 ----a-w C:\WINDOWS\NCUNINST.EXE
    2007-10-12 08:40 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-10-12 08:40 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-10-12 08:38 71,749 ----a-w C:\WINDOWS\HCExtOutput.dll
    2007-10-12 08:38 267,845 ----a-w C:\WINDOWS\Tsc.exe
    2007-09-15 07:50 59,656 ----a-w C:\Documents and Settings\claude\Application Data\GDIPFONTCACHEV1.DAT
    2007-06-16 14:55 412,303 ----a-w C:\Program Files\GSpot270a-fr-Colok.zip
    2007-03-14 21:37 5,397,560 ----a-w C:\Program Files\VOFR230FOGTB6.EXE
    2007-03-08 20:17 2,685,104 ----a-w C:\Program Files\ccsetup138.exe
    2007-01-21 17:52 59,272 ----a-w C:\Documents and Settings\lucas\Application Data\GDIPFONTCACHEV1.DAT
    2007-01-20 07:53 5,063,192 ----a-w C:\Program Files\cfc.exe
    2007-01-11 13:07 58,032,562 ----a-w C:\Program Files\Samsung_PC_Studio_311_FKB.exe
    2006-11-19 15:53 47,360 ----a-w C:\Documents and Settings\claude\Application Data\pcouffin.sys
    2006-10-28 08:34 359,112 ----a-w C:\Program Files\LimeWireWin.exe
    2006-09-13 20:01 10,162,173 ----a-w C:\Program Files\SN-510.exe
    2006-08-26 13:49 26,892 ----a-w C:\Program Files\torbutton-1.0.4-fx+tb.xpi
    2006-08-26 11:38 326,263 ----a-w C:\Program Files\spell-fr-FR.xpi
    2006-04-30 05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
    2006-03-30 16:09 3,643 -c--a-w C:\Program Files\ads_err.dbf
    2006-03-03 10:32 237,568 ----a-w C:\Program Files\ispare.exe
    2005-10-31 15:56 700,416 -c--a-w C:\Program Files\StubInstaller.exe
    2005-09-22 05:06 1,076,480 -c--a-w C:\Program Files\setupfr.exe
    2005-06-02 18:45 14,896 -c--a-w C:\Program Files\MACDR005.CST
    2005-01-02 10:44 8,192 ----a-w C:\Program Files\Signatures.reg
    2005-01-02 10:44 49,152 ----a-w C:\Program Files\Expblock.reg
    2005-01-02 10:44 24,576 ----a-w C:\Program Files\MailRules.reg
    2004-11-01 17:00 106,240 -c--a-w C:\Program Files\Windows-KB870669-x86-ENU.exe
    2004-10-03 15:55 352,032 -c--a-w C:\Program Files\WindowsXP-KB822603-x86-FRA.exe
    2004-08-04 11:17 1,128,203 -c--a-w C:\Program Files\dvdshrink32setup_FR.exe
    2004-07-08 19:58 884,390 ----a-w C:\Program Files\bootvis1337fr.exe
    2004-04-15 06:34 1,089,660 -c--a-w C:\Program Files\data256.dbb
    2004-03-13 18:07 381,012 ----a-w C:\Program Files\plmessengerctrl.exe
    2004-03-13 07:23 389,376 -c--a-w C:\Program Files\Q831167.exe
    2004-02-22 10:42 39 -c--a-w C:\Program Files\CTJINI.INI
    2004-01-10 10:29 471,744 -c--a-w C:\Program Files\GoogleToolbarInstaller.exe
    2003-03-18 10:33 2,100,352 ----a-w C:\Program Files\q810847.exe
    2003-03-15 13:43 824 ----a-w C:\Program Files\FT1047735746-6099.ins
    2003-02-09 07:31 824 ------w C:\Program Files\FT1044775858-4406.ins
    2003-01-25 17:17 59,992 ----a-w C:\Program Files\msnaddin.exe
    2003-01-03 14:02 134 -c--a-w C:\Program Files\install.txt
    2002-12-30 11:43 495,432 -c--a-w C:\Program Files\ie6setup
    2002-12-22 15:52 1,309 -c--a-w C:\Program Files\data1024.dbb
    2001-12-14 11:57 432,683 -c--a-w C:\Program Files\tv-radio.exe
    2001-09-19 09:26 291 -c--a-w C:\Program Files\FILE_ID.DIZ
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CBA09EEE-CC2C-4F8B-8122-CBF1207512DD}]
    2007-12-31 17:04 344576 --a------ C:\WINDOWS\system32\jkkli.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2007-12-31 07:11]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:10 C:\WINDOWS\system32\bthprops.cpl]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-31 17:04]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:09]
    "NVIDIA Video drivers"="video_32sD.exe" []
    "NAV Scan Service"="NAVscan32.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\jkkli.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkkli

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^BTTray.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk
    backup=C:\WINDOWS\pss\BTTray.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^claude^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
    backup=C:\WINDOWS\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OmniPage]
    1998-10-28 11:09 44032 --a------ C:\Program Files\Caere\OmniPagePro90\opware32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
    R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-02-26 20:44]
    R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
    S2 CoachCap;Concord EyeQ Duo LCD USB Video Capture V1.00;C:\WINDOWS\system32\drivers\CoachCap.sys []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
    S3 W700bus;Sony Ericsson W700 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\W700bus.sys [2007-02-10 12:06]
    S3 W700mdfl;Sony Ericsson W700 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\W700mdfl.sys [2007-02-10 12:06]
    S3 W700mdm;Sony Ericsson W700 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\W700mdm.sys [2007-02-10 12:06]
    S3 W700mgmt;Sony Ericsson W700 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\W700mgmt.sys [2007-02-10 12:06]
    S3 W700obex;Sony Ericsson W700 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\W700obex.sys [2007-02-10 12:06]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-28 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 17:03:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\ilkkj.ini 6516 bytes
    C:\WINDOWS\system32\ilkkj.ini2 319 bytes

    scan completed successfully
    hidden files: 2

    **************************************************************************
    .
    Completion time: 2007-12-31 17:09:04 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-30 10:31
    C:\ComboFix3.txt ... 2007-12-29 20:34
    .
    2007-12-12 07:03:44 --- E O F ---
    0
  17. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Je pense que le problème est là:

    C:\WINDOWS\system32\ilkkj.ini 6516 bytes
    C:\WINDOWS\system32\ilkkj.ini2 319 bytes

    mais comment l'eliminer?
    0
  18. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Refais un log Hijakthis
    Stp
    0
  19. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:44:25, on 01/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Windows Media Player\WMPNSCFG .exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\prout\prout.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F3 - REG:win.ini: load=C:\WINDOWS\system32\jkkli.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {51D03C49-5B91-4171-BB5F-195E577B9D6A} - C:\WINDOWS\system32\jkkli.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {B86EAC34-4D8F-4E8C-82F4-E89E579D2FCB} - C:\WINDOWS\system32\jkkli.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Voir la &source de la destination - file://C:\Program Files\web\v-source.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} - http://www.1-click.com/common/files/installer-hidden-test.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
    O23 - Service: Intel Alert Originator - Unknown owner - C:\WINDOWS\system32\ams_ii\iao.exe (file missing)
    O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe
    O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    0
  20. nonoy54 Messages postés 452 Date d'inscription   Statut Membre Dernière intervention   7
     
    J'ai desinstallé Avast et installé Antivir. Il trouve sans arret drop.agent. DGO.8 et drop.agent DGO.21
    0
  21. ^^Marie^^ Messages postés 41884 Date d'inscription   Statut Membre Dernière intervention   3 280
     
    Re

    Désactive tes protections résidentes (antivirus...) !
    Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :

    C:\WINDOWS\system32\jkkli.exe

    Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précédemment copié.
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe

    Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
    NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
    0
  • 1
  • 2