Trojan.Win32.BHO.aboRésolu/Fermé

Question

Bonjour,voila mon probleme sa fait 1 moi que se cheval de troie "Trojan.win32.BHO.abo" et dans mon ordinateur a cette emplacement " c:WINDOWS\system32\DOCPOPO.DLL" est pas moyen de le delloger, j'ai essayer avec l'anti virus orange, avast,multi virus cleaner 2007, j'ai meme essaye manuellement de le suprimer, deplacer, rien a faire il me marque "l'accès a cet objet est impossible", et j'ai l'impression qu'il nuit o fonctionement du périphériques  SCSI/RAID HOST controller, qui me marque un point d'interrogation, j'ai essaye de le reinstaller il me marque "une erreur s'est produite lors de l'installlation du periphérique le service spécifié n'existe pas en tant que service installé", merci de votre aide et bonne anné

Utilisateur anonyme · Answer

salut

enleve ton anticirus et telecharge kaspersky internet security et spyware terminator mes les a jour puis fait un scan en mode normale et mode sans echec et supprime tous se qu'ils trouvent

^^Marie^^ · Answer

Salut

Pas besoin de changer d'anti virus

Un log Hijajackthis + ComboFix

lordtoufu · Answer

ok je ferais sa mardi soir apres le boulot merci et bonne année

lordtoufu · Answer

pouvai vous me fournir un lien s'il vous plait pour le Hijajackthis + ComboFix

^^Marie^^ · Answer

F -  Hijackthis - Outil de diagnostic et réparation 
télécharge HijackThis ici: 
http://telechargement.zebulon.fr/138-hijackthis-1991.html 
Dézippe le dans un dossier prévu à cet effet. 
Par exemple C:\hijackthis < Enregistre le bien dans c : ! 
Démo : (Merci a Balltrap34 pour cette réalisation) 
http://pageperso.aol.fr/balltrap34/Hijenr.gif 
Lance le puis: 
clique sur "do a system scan and save logfile" (cf démo) 
faire un copier coller du log entier sur le forum 
Démo : (Merci a Balltrap34 pour cette réalisation) 
http://pageperso.aol.fr/balltrap34/demohijack.htm 
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html 

Bon courage 

A+

lordtoufu · Answer

lol j'en demmandet pas temp, mais elle sont quand meme vachement pratique s'est demo

voila le raport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:32, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\AntivirusFirewall\backweb\4476822\Program\ServiceWrapper-4476822.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\backweb\4476822\Program\fspex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\AntivirusFirewall\Common\FSLAUNCH.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Free Audio Pack\FreeConverter\FreeConverter.exe
E:\Mes documents\Suplement\virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: (no name) - {2B30A026-AB51-4F9F-AA4F-DDFBB8AE6D2E} - C:\WINDOWS\system32\docpropo.dll (file missing)
O2 - BHO: (no name) - {4B4E2687-0459-4DF5-A132-BD4599A761E6} - c:\windows\system32\comctl32r.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAIDaid_tool.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [FlapSave] C:\DOCUME~1\Administrateur\Application Data\DrvAmen\Byteplay.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\PROGRA~1\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\AntivirusFirewall\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Administrateur\Application Data\Dealio\kb125es\DealioSearch.html
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: dxrosamc - comctl32r.dll (file missing)
O20 - Winlogon Notify: tt - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\AntivirusFirewall\backweb\4476822\Program\ServiceWrapper-4476822.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\AntivirusFirewall\backweb\6588780\Program\ServiceWrapper-6588780.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

lordtoufu · Answer

donc d'apres se que je compris mon virus et la ?



O2 - BHO: (no name) - {2B30A026-AB51-4F9F-AA4F-DDFBB8AE6D2E} - C:\WINDOWS\system32\docpropo.dll (file missing)

^^Marie^^ · Answer

Evite surtout d'aller voir le ROBOT qui risque de faire planter ton PC.

1/ tu as deux anti-virus &#9658; source de conflits &#9658; supprimes en un.
2/ Macrogaming\SweetIM &#9658;  rogue à supprimer



Tu me refais un log Hijackthis

lordtoufu · Answer

programme suprimer voila le rapport

voila le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:12, on 02/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\AntivirusFirewall\backweb\4476822\Program\ServiceWrapper-4476822.exe
C:\PROGRA~1\AntivirusFirewall\backweb\6588780\Program\ServiceWrapper-6588780.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\AntivirusFirewall\backweb\4476822\Program\fspex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\PROGRA~1\AntivirusFirewall\Anti-Spyware\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
E:\Mes documents\Suplement\virus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O2 - BHO: (no name) - {2B30A026-AB51-4F9F-AA4F-DDFBB8AE6D2E} - C:\WINDOWS\system32\docpropo.dll
O2 - BHO: (no name) - {4B4E2687-0459-4DF5-A132-BD4599A761E6} - c:\windows\system32\comctl32r.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\program files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAIDaid_tool.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [FlapSave] C:\DOCUME~1\Administrateur\Application Data\DrvAmen\Byteplay.exe
O4 - HKCU\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\PROGRA~1\Eyeball\Eyeball Chat\EyeballChat.exe" -min
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\AntivirusFirewall\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Administrateur\Application Data\Dealio\kb125es\DealioSearch.html
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: dxrosamc - comctl32r.dll (file missing)
O20 - Winlogon Notify: tt - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\AntivirusFirewall\backweb\4476822\Program\ServiceWrapper-4476822.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\AntivirusFirewall\backweb\6588780\Program\ServiceWrapper-6588780.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe

^^Marie^^ · Answer

télécharge combofix (par sUBs)ici : 
Combofix est un programme qui supprime des trojans/backdoor connues et rootkits
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


et enregistre le sur le bureau. 

2 double-clique sur combofix.exe et suis les instructions 

3 à la fin, il va produire un rapport C:\ComboFix.txt 

4 copie/colle ce rapport dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Poste aussi un nouveau rapport Hijackthis.

lordtoufu · Answer

rapport de combofix : ComboFix 08-01-03.3 - Administrateur 2008-01-02 21:55:24.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.623 [GMT 1:00] Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))))))) . 2008-01-02 21:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-02 21:01 . 2008-01-02 21:01 d-------- C:\Documents and Settings\Administrateur\Application Data\Search Settings 2008-01-02 20:42 . 2008-01-02 20:42 d-------- C:\Program Files\Search Settings 2008-01-02 20:42 . 2008-01-02 20:42 d-------- C:\Program Files\Dealio 2008-01-02 20:42 . 2008-01-02 21:41 d-------- C:\Documents and Settings\Administrateur\Application Data\Dealio 2008-01-02 20:41 . 2008-01-02 20:41 d-------- C:\Program Files\Free Audio Pack 2008-01-02 19:15 . 2008-01-02 19:15 d-------- C:\Program Files\Illustrate 2008-01-02 19:15 . 2008-01-02 19:15 131,072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe 2007-12-31 16:37 . 2007-12-31 16:37 d-------- C:\Documents and Settings est\Application Data\ispnews 2007-12-31 16:36 . 2007-07-11 18:40 d--h----- C:\Documents and Settings est\Voisinage r‚seau 2007-12-31 16:36 . 2007-07-11 18:40 d--h----- C:\Documents and Settings est\Voisinage d'impression 2007-12-31 16:36 . 2007-07-11 16:45 d--h----- C:\Documents and Settings est\ModŠles 2007-12-31 16:36 . 2007-12-31 16:36 dr------- C:\Documents and Settings est\Mes documents 2007-12-31 16:36 . 2007-07-11 18:40 dr------- C:\Documents and Settings est\Menu D‚marrer 2007-12-31 16:36 . 2007-12-31 16:36 dr------- C:\Documents and Settings est\Favoris 2007-12-31 16:36 . 2007-07-11 18:40 d-------- C:\Documents and Settings est\Bureau 2007-12-31 00:04 . 2007-12-31 00:04 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.123-4476822L.exe 2007-12-30 20:35 . 2007-12-30 20:35 d-------- C:\Documents and Settings\Administrateur\Application Data\Logitech 2007-12-30 20:32 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe 2007-12-30 20:32 . 2007-12-30 20:32 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2007-12-30 20:32 . 2007-12-30 20:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf 2007-12-30 20:31 . 2007-12-30 20:31 d-------- C:\Program Files\Logitech 2007-12-30 20:31 . 2007-12-30 20:31 d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2007-12-30 20:31 . 2007-01-23 15:45 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll 2007-12-30 20:31 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll 2007-12-30 20:31 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll 2007-12-30 20:31 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll 2007-12-30 20:31 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe 2007-12-30 20:31 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll 2007-12-30 20:31 . 2007-01-23 15:45 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys 2007-12-30 20:31 . 2007-01-23 15:45 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys 2007-12-30 20:30 . 2007-12-30 20:30 d-------- C:\SWSetup 2007-12-30 20:30 . 2007-12-30 20:31 d-------- C:\Program Files\Fichiers communs\Logitech 2007-12-30 20:13 . 2007-09-20 10:43 331,184 --------- C:\WINDOWS\system32\difxapi.dll 2007-12-30 20:12 . 2007-03-29 11:36 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys 2007-12-30 19:28 . 2007-12-30 19:28 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS 2007-12-26 12:50 . 2007-12-26 12:50 24 ---hs---- C:\WINDOWS\S2237C0A9.tmp 2007-12-26 12:49 . 2008-01-02 21:45 d-------- C:\Program Files\SlySoft 2007-12-23 02:12 . 2007-12-23 02:12 d-------- C:\Program Files\Opera 2007-12-23 02:11 . 2007-12-23 02:11 d-------- C:\Program Files\Alwil Software 2007-12-07 12:55 . 2007-12-19 17:30 171 --a------ C:\WINDOWS\system\CmiCnfg.ini 2007-12-06 21:08 . 2004-08-12 08:50 2,568,192 -ra------ C:\WINDOWS\system\cmicnfg.cpl 2007-12-06 21:08 . 2004-02-17 03:51 1,458,176 -ra------ C:\WINDOWS\system\SmWizard.exe 2007-12-06 21:08 . 2002-04-29 08:04 917,504 -ra------ C:\WINDOWS\system\cmids3d.dll 2007-12-06 21:08 . 2004-08-23 09:21 821,760 -ra------ C:\WINDOWS\system32\drivers\cmuda.sys 2007-12-06 21:08 . 2001-11-23 05:08 712,704 -ra------ C:\WINDOWS\system32\Audio3D.dll 2007-12-06 21:08 . 2004-04-23 08:02 233,472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe 2007-12-06 21:08 . 2004-08-26 11:25 163,840 -ra------ C:\WINDOWS\system32\cmuda.dll 2007-12-06 21:08 . 2003-04-24 06:29 32,768 -ra------ C:\WINDOWS\system32\udaprop.dll 2007-12-06 21:08 . 2003-02-18 11:26 28,672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll 2007-12-06 18:31 . 2007-12-30 15:23 d-------- C:\Documents and Settings\Administrateur\amsn 2007-12-06 18:29 . 2007-12-06 18:30 d-------- C:\Program Files\aMSN . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-30 19:31 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-23 13:01 --------- d-----w C:\Program Files\Wanadoo 2007-12-23 10:24 --------- d-----w C:\Program Files\DaemonTools_WhenUSave_Installer 2007-12-19 16:30 --------- d-----w C:\Program Files\C-Media 3D Audio 2007-12-12 20:06 --------- d-----w C:\Program Files\Google 2007-12-06 18:55 19,456 ----a-w C:\WINDOWS\system32\drivers\fyniqdhr.dat 2007-12-05 19:42 --------- d-----w C:\Documents and Settings\Administrateur\Application Data eamspeak2 2007-12-03 19:36 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2007-12-03 19:36 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2007-12-03 19:36 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll 2007-12-02 19:21 --------- d-----w C:\Program Files\Teamspeak2_RC2 2007-11-22 16:54 --------- d-----w C:\Program Files\directx 2007-11-20 17:26 --------- d-----w C:\Program Files\EA GAMES 2007-11-15 19:21 --------- d-----w C:\Program Files\Ahead 2007-11-15 19:19 --------- d-----w C:\Program Files\Multi_Media 2007-11-15 19:19 --------- d-----w C:\Program Files\MSN Skin 2007-11-15 18:45 107,888 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-11-15 18:45 --------- d--h--r C:\Documents and Settings\Administrateur\Application Data\SecuROM 2007-11-07 17:16 152 ----a-w C:\Documents and Settings\Administrateur\brdgInst.bat 2007-11-07 16:58 --------- d-----w C:\Program Files\SAGEM 2007-11-05 16:41 --------- d-----w C:\Program Files\Lavasoft 2007-11-05 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-05 16:39 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-15 15:26 246,545 -c--a-w C:\WINDOWS\system32\libssl32.dll 2007-10-15 15:26 1,188,375 -c--a-w C:\WINDOWS\system32\libeay32.dll 2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B30A026-AB51-4F9F-AA4F-DDFBB8AE6D2E}] 2001-08-24 13:00 99840 --a------ C:\WINDOWS\system32\docpropo.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B4E2687-0459-4DF5-A132-BD4599A761E6}] c:\windows\system32\comctl32r.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] 2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [ ] "FlapSave"="C:\DOCUME~1\Administrateur\Application Data\DrvAmen\Byteplay.exe" [ ] "loscurvp1"="C:\WINDOWS\system32\loscurvp1.exe" [ ] "Eyeball Chat"="C:\PROGRA~1\Eyeball\Eyeball Chat\EyeballChat.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 19:29 35328] "F-Secure Manager"="C:\Program Files\AntivirusFirewall\Common\FSM32.exe" [2005-10-26 02:51 122929] "F-Secure TNB"="C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" [2005-07-18 15:51 700416] "F-Secure Startup Wizard"="C:\Program Files\AntivirusFirewall\FSGUI\FSSW.exe" [2005-10-18 09:29 372736] "News Service"="C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" [2005-05-31 13:45 356352] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 12:26 7700480] "nwiz"="nwiz.exe" [2007-04-19 12:26 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 12:26 86016] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [ ] "DAEMON Tools"="E:\program files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592] "loscurvp1"="C:\WINDOWS\system32\loscurvp1.exe" [ ] "Cmaudio"="cmicnfg.cpl" [] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe] "RaidTool"="C:\Program Files\VIA\RAID aid_tool.exe" [2005-04-26 11:22 589824] "au"="C:\Program Files\Dealio\DealioAU.exe" [2007-12-06 11:57 546144] "SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearDocsOnExit"= 64 (0x40) "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ClearDocsOnExit"= 64 (0x40) "NoSMHelp"= 1 (0x1) "MemCheckBoxInRunDlg"= 1 (0x1) "NoSMBalloonTip"= 1 (0x1) "NoDesktopCleanupWizard"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "NoAutoUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\dxrosamc] comctl32r.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify t] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-11-18 16:04] R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-04-26 11:22] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 11:36] R0 yinnwuui;yinnwuui;C:\WINDOWS\system32\drivers\fyniqdhr.dat [] R2 BackWeb Plug-in - 4476822;F-Secure 2006;C:\PROGRA~1\AntivirusFirewall\backweb\4476822\Program\ServiceWrapper-4476822.exe [2007-12-31 00:09] R2 BackWeb Plug-in - 6588780;Antivirus Firewall;C:\PROGRA~1\AntivirusFirewall\backweb\6588780\Program\ServiceWrapper-6588780.exe [2007-07-15 19:29] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [2004-09-10 16:14] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [2007-07-15 19:41] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [2004-06-01 10:03] R2 X4HSX32;X4HSX32;C:\Program Files\Metaboli Player\X4HSX32.Sys [2006-12-13 08:34] S2 vhdjeavl;USB Bus ad177 Helper;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs vhdjeavl [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8937395a-6f90-11dc-a9af-000e2ebdf7ae}] \Shell\ar32i301\command - F:\goodies\ar32i301.exe \Shell\AutoRun\command - F:\aoesetup.exe /autorun \Shell\dxdiag\command - F:\goodies\DirectX\dplay60a.exe \Shell\ie4stNT\command - F:\goodies\ie40\ie4setup.exe \Shell\ie4stw95\command - F:\goodies\ie40\ie4setup.exe \Shell\msinfo\command - F:\goodies\msinfo\msinfo32.exe \Shell\sampler\command - F:\Sampler\Sampler.exe \Shell\setup\command - F:\aoesetup.exe /autorun \Shell\zone\command - F:\sampler\demos\zone\zoneA501.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{94b8ac9c-2f98-11dc-9be4-806d6172696f}] \Shell\AutoRun\command - D:\INSTALL.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-03 22:02:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-03 22:04:29 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-03 21:04:23 raport de Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:12:24, on 03/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\PROGRA~1\AntivirusFirewall\backweb\4476822\Program\ServiceWrapper-4476822.exe C:\PROGRA~1\AntivirusFirewall\backweb\6588780\Program\ServiceWrapper-6588780.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe C:\WINDOWS\system32 vsvc32.exe C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe C:\Program Files\AntivirusFirewall\backweb\4476822\Program\fspex.exe C:\Program Files\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe C:\Program Files\AntivirusFirewall\Common\FSM32.EXE C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\PROGRA~1\AntivirusFirewall\Anti-Spyware\fsaw.exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe C:\Program Files\internet explorer\iexplore.exe E:\Mes documents\Suplement\virus\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE oolbar.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE oolbar.dll (file missing) O2 - BHO: (no name) - {2B30A026-AB51-4F9F-AA4F-DDFBB8AE6D2E} - C:\WINDOWS\system32\docpropo.dll O2 - BHO: (no name) - {4B4E2687-0459-4DF5-A132-BD4599A761E6} - c:\windows\system32\comctl32r.dll (file missing) O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE oolbar.dll (file missing) O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb125\Dealio.dll O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [DAEMON Tools] "E:\program files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID aid_tool.exe O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe O4 - HKCU\..\Run: [FlapSave] C:\DOCUME~1\Administrateur\Application Data\DrvAmen\Byteplay.exe O4 - HKCU\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe O4 - HKCU\..\Run: [Eyeball Chat] "C:\PROGRA~1\Eyeball\Eyeball Chat\EyeballChat.exe" -min O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\AntivirusFirewall\backweb\4476822\Program\fspex.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Administrateur\Application Data\Dealio\kb125 es\DealioSearch.html O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll O10 - Unknown file in Winsock LSP: c:\windows\system32 wprovau.dll O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29 O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab O20 - Winlogon Notify: dxrosamc - comctl32r.dll (file missing) O20 - Winlogon Notify: tt - C:\WINDOWS\ O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\AntivirusFirewall\backweb\4476822\Program\ServiceWrapper-4476822.exe O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\AntivirusFirewall\backweb\6588780\Program\ServiceWrapper-6588780.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe

lordtoufu · Answer

alors docteur s'est grave?

^^Marie^^ · Answer

1/ Télécharge et installe CCleaner 

http://www.clubic.com/lancer-le-telechargement-20932-0-ccleaner-crap-cleaner-.html

2/ 2/ Télécharge AVG 
https://www.avg.com/en-ww/free-antivirus-download
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. 
Tu fermes


 
3/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...) 
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent. 
 
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O2 - BHO: (no name) - {2B30A026-AB51-4F9F-AA4F-DDFBB8AE6D2E} - C:\WINDOWS\system32\docpropo.dll
O2 - BHO: (no name) - {4B4E2687-0459-4DF5-A132-BD4599A761E6} - c:\windows\system32\comctl32r.dll (file missing)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb125\Dealio.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O4 - HKLM\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [FlapSave] C:\DOCUME~1\Administrateur\Application Data\DrvAmen\Byteplay.exe
O4 - HKCU\..\Run: [loscurvp1] C:\WINDOWS\system32\loscurvp1.exe
O4 - HKCU\..\Run: [Eyeball Chat] "C:\PROGRA~1\Eyeball\Eyeball Chat\EyeballChat.exe" –min
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb125\Dealio.dll
O20 - Winlogon Notify: dxrosamc - comctl32r.dll (file missing)
O20 - Winlogon Notify: tt - C:\WINDOWS\



5/ Assure-toi que tu as accès aux fichiers cachés.   
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage   
"Afficher les fichiers et dossiers cachés" ->coché   
"Masquer les extensions des fichiers dont le type est connu" ->décoché) 
 
6/ ensuite supprime les fichiers et/ou dossiers suivants si présents : 

C:\Program Files\Macrogaming\SweetIMBarForIE
C:\Program Files\Search Settings
C:\Program Files\Dealio\kb125

7/ Lance CCleaner 
puis bouton Analyse ensuite Bouton Lancer le Nettoyage 

8/ Lance AVG
Lance AVG Anti-Spyware 
Clique sur le bouton Analyse (de la barre d'outils) 
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. 
Reviens à l'onglet Analyse. Clique sur Analyse complète du système. 
/!\ Si un fichier est infecté en fin d'analyse /!\
choisis l'option " Appliquer toutes les actions " en bas. 
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous" 
Enregistre ce fichier texte sur ton bureau.
Copie/colle le rapport 



9/ Redémarre normalement et poste un nouveau rapport HijackThis. 
 
as-tu encore des dysfonctionnements ?

lordtoufu · Answer

dsl passer 15 an apres mais probleme resolu, j'avai enmener mon pc pour un pti uprague (cm + pros) et il ma formater le disque dur (snif) donc pu de virus merci encore

Trojan.Win32.BHO.abo

14 réponses

Discussions similaires

Newsletters