Urgent help needed: win32 : trat BHO[tRJ]

paulchette - Posts: 1 - Status: Member
Hello,

I don't know much about this, but Avast detected this virus; following some forums I replaced Avast with AntiVir (personally I find it more of a pain, because it constantly reports the presence of viruses and blocks the use of the scan).
After disabling the antivirus I ran a scan, then a HijackThis scan.
Could you please help me solve my problem?

In the end I put Avast back.

AntiVir log file:

AntiVir PersonalEdition Classic
Report file date: mardi 8 janvier 2008 19:47

Scanning for 1017413 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DCFC0Q2J

Version information:
BUILD.DAT : 270 15603 Bytes 19.09.07 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.08.07 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.08.07 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14.08.07 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21.08.07 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.07 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14.12.07 17:51:48
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08.01.08 17:51:48
ANTIVIR3.VDF : 7.0.1.208 9728 Bytes 08.01.08 17:51:48
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 08.01.08 17:51:50
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.07 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18.07.07 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.07 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 08.01.08 17:51:50
AVREG.DLL : 7.0.1.6 30760 Bytes 18.07.07 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28.08.07 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.07.07 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.07 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07.08.07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.08.07 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.07.07 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 8 janvier 2008 19:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'DSAgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned
Scan process 'vVX3000.exe' - '1' Module(s) have been scanned
Scan process 'BacsTray.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIBVE.EXE' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'Corel Photo Downloader.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DMXLauncher.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\jkkifec.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\jkkifec.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '39' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\dany rabory\Local Settings\Temp\temp.frAD4F\bin\10.0.370.0\ZangoUnInstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.4
[INFO] The file was moved to '47f1c67d.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temp\temp.frE868\bin\10.0.370.0\SeekmoUnInstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
[INFO] The file was moved to '47e8c688.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\8TFJ9WSD\md5[1]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c699.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\8TFJ9WSD\md5[2]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c69c.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\IMGES7XK\md5[1]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c6b0.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\IMGES7XK\md5[2]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c6b4.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\IMGES7XK\md5[3]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c6b7.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\RTZTO57D\md5[1]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c6c8.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\RTZTO57D\md5[2]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c6cb.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\VSGL9YAV\md5[1]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c6de.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\VSGL9YAV\md5[2]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '461a6d0f.qua'!
C:\Documents and Settings\dany rabory\Local Settings\Temporary Internet Files\Content.IE5\VSGL9YAV\md5[3]
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '47b8c6df.qua'!
C:\Documents and Settings\paulo lourenço\Local Settings\Temporary Internet Files\Content.IE5\9KDMU2IR\trace[1].htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '47e4c84b.qua'!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '47eecd8d.qua'!
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP332\A0084238.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.9
[INFO] The file was moved to '47b3d03e.qua'!
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP357\A0091441.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.4
[INFO] The file was moved to '47b3d093.qua'!
C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095924.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '47b3d0ad.qua'!
C:\WINDOWS\system32\ddabx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\jkkifec.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\sstqo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f7e0d8.qua'!

End of the scan: mardi 8 janvier 2008 21:44
Used time: 1:57:06 min

The scan has been done completely.

7817 Scanning directories
409763 Files were scanned
20 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
18 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
409743 Files not concerned
4635 Archives were scanned
5 Warnings
2 Notes

HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:30:29, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\Broadcom\BACS\BacsTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Zango - {07AA283A-43D7-4CBE-A064-32A21112D94D} - C:\Program Files\Zango\bin\10.0.370.0\HostIE.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9926 bytes

Thanks for your help

paulchette
Configuration: Windows XP
Internet Explorer 7.0
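An added example for this thread (not code from Avira, from the original post, or from any of the tools named here): a small Python parser for the AntiVir report format posted above. It pairs each [DETECTION] line with the [INFO]/[WARNING] line that says what the scanner did with the file, then lists the detections that were not quarantined, which is exactly the situation with the Vundo DLLs in system32 (ErrorID 16003, "could not be deleted"). The sample report is constructed from the report lines quoted above with shortened paths; the regex names and the Detection dataclass are this example's own.

```python
"""Triage an Avira AntiVir scan report: pair each [DETECTION] with its outcome.

Added example for this thread, not code from Avira or from the original post.
It handles the report layout quoted above: a file path on one line, followed by
[DETECTION] / [INFO] / [WARNING] lines describing what the scanner did with it.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample, modelled on the report lines posted in the thread
# (paths shortened; the Vundo ErrorID and quarantine names are as posted).
SAMPLE_REPORT = """\
Starting the file scan:

Begin scan in 'C:\\'
C:\\hiberfil.sys
[WARNING] The file could not be opened!
C:\\Documents and Settings\\user\\Local Settings\\Temp\\ZangoUnInstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.BJ.4
[INFO] The file was moved to '47f1c67d.qua'!
C:\\WINDOWS\\system32\\ddabx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\\WINDOWS\\system32\\sstqo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47f7e0d8.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a scanned file path starts a new record
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+.*?\s(?P<name>\S+/\S+)\s*$")  # e.g. TR/Vundo.Gen
QUARANTINE_RE = re.compile(r"^\[INFO\] The file was moved to '(?P<qua>[^']+)'")
NOT_DELETED_RE = re.compile(r"^\[WARNING\] .*(?:was not deleted|could not be deleted)")
ERROR_ID_RE = re.compile(r"ErrorID:\s*(?P<id>\d+)")


@dataclass
class Detection:
    path: str
    name: str = ""                 # scanner's detection name
    outcome: str = "unknown"       # "quarantined" | "not_deleted" | "unknown"
    quarantine_file: str = ""
    error_id: Optional[int] = None


def parse_report(text: str) -> list:
    """Return one Detection per [DETECTION] line, with the outcome that followed it."""
    records: list = []
    current: Optional[Detection] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            # New file; it only becomes a record once a [DETECTION] line names it.
            current = Detection(path=line)
            continue
        if current is None:
            continue
        m = DETECTION_RE.match(line)
        if m:
            if not current.name:  # first detection line for this path
                current.name = m.group("name")
                records.append(current)
            continue
        m = QUARANTINE_RE.match(line)
        if m:
            current.outcome = "quarantined"
            current.quarantine_file = m.group("qua")
            continue
        if NOT_DELETED_RE.match(line):
            current.outcome = "not_deleted"
            m = ERROR_ID_RE.search(line)
            if m:
                current.error_id = int(m.group("id"))
    return records


def unremediated(records: list) -> list:
    """Detections the scanner could not quarantine: the files are still on disk."""
    return [r for r in records if r.outcome != "quarantined"]


def summarize(records: list) -> dict:
    """Count detections by outcome, e.g. {'quarantined': 2, 'not_deleted': 1}."""
    counts: dict = {}
    for r in records:
        counts[r.outcome] = counts.get(r.outcome, 0) + 1
    return counts


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    print("outcomes:", summarize(recs))
    for r in unremediated(recs):
        print(f"STILL PRESENT: {r.path}  {r.name}  outcome={r.outcome}  ErrorID={r.error_id}")
```

Run against the full report pasted above, the "still present" list is the set of files a follow-up tool has to deal with; everything else already sits in quarantine (the `.qua` names let you match entries against the quarantine folder).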

24 replies

  1. Lyonnais92 - Posts: 25708 - Status: Security contributor - 1 537
     
    Hello,

    1) You don't seem to have a firewall controlling outbound connections, which is a security risk.

    If that's the case, you can choose between these two options:

    Zone Alarm: tutorial and download link here:
    https://www.malekal.com/tutoriel-zonealarm-firewall/

    Kerio: tutorial and download link here:
    http://www.malekal.com/kerio_firewall.php

    There are others you can find by opening this link:
    http://www.malekal.com/menu_tutorials_logiciels.php

    You need to disable the Windows firewall (Control Panel, Windows Firewall) after the download and before the installation (disconnect from the Internet at that point).
    2) Download VundoFix.exe (by Atribune) to your Desktop.
    http://www.atribune.org/ccount/click.php?id=4
    Double-click VundoFix.exe to launch it.

    Click the Scan for Vundo button.
    When the scan is complete, click the Remove Vundo button.
    A prompt will ask whether you want to delete the files; click YES.
    After clicking "Yes", the Desktop will disappear for a moment while the files are deleted.
    You will see a prompt telling you that your PC is going to shut down; click OK.
    Start your PC again.
    Copy/paste the report (c:\vundofix.txt) into your reply.
    3) Download BTFix by Bibi26
    http://cluster1.easy-hebergement.net/ by Bibi26
    Unzip the archive to your Desktop.
    Open the BTFix folder.
    Double-click BTFix.exe.
    Click Rechercher (Search).
    A report will appear; copy/paste it into your next reply.
  2. paulchette
     
    Hi,
    Thanks for your help,
    the BTFix report:

    BTFix 1.068 (par bibi26) - 12/01/2008 11:14:54 - Analyse
    Lancé depuis C:\Documents and Settings\dany rabory\Bureau\BTFix\BTFix\BTFix.exe

    ---> Fichiers/Dossiers trouvés

    - C:\Program Files\ShoppingReport
    - C:\Documents and Settings\dany rabory\Application Data\ShoppingReport
    - C:\Documents and Settings\All Users\Application Data\ZangoSA
    - C:\Documents and Settings\All Users\Application Data\SeekmoSA
    - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    - C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Seekmo

    ---> Analyse terminée

    On the other hand, VundoFix detected nothing, so there is no report.

    I had installed ZoneAlarm beforehand, but it blocked my Internet access (and so access to your message, which I needed to carry out the steps) because of 26 intrusions, so I disabled it and put the Windows firewall back while running VundoFix.

    I'm waiting for the rest of the procedure.

    paulchette
  3. Lyonnais92 - Posts: 25708 - Status: Security contributor - 1 537
     
    Re,

    Start in Safe Mode:
    To do this, tap the F8 key repeatedly from the very start of powering on the PC, without stopping.
    A window will open; use the keyboard arrows to move to "Safe Mode", then press Enter.
    Once on the desktop, if not all the colours and so on are there, that's normal!
    (If F8 doesn't work, use the F5 key.)
    ----------------------------------------------------------------------------
    Double-click BTFix.exe.
    Click Nettoyer (Clean).

    Restart in normal mode;

    download ComboFix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the desktop.

    2 double-click combofix.exe and follow the instructions

    3 at the end, it will produce a report, C:\ComboFix.txt

    4 copy/paste that report into your next reply.

    Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
    Post the report in your reply along with a new HijackThis report.
  4. paulchette
     
    Hi,

    ComboFix 08-01-13.1 - dany rabory 2008-01-13 9:38:21.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1251.996.1036.18.588 [GMT 1:00]
    Running from: C:\Documents and Settings\dany rabory\Bureau\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\SeekmoSA
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA.dat
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSA_kyf.dat
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAAbout.mht
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAau.dat
    C:\Documents and Settings\All Users\Application Data\SeekmoSA\SeekmoSAEula.mht
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\Config.xml
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\db\Aliases.dbs
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\db\Sites.dbs
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\report\send_storage.xml
    C:\Documents and Settings\dany rabory\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    C:\Program Files\ShoppingReport
    C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
    C:\WINDOWS\system32\pqtss.ini
    C:\WINDOWS\system32\pqtss.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-13 09:37 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-12 10:53 . 2008-01-12 10:53 <REP> d-------- C:\VundoFix Backups
    2008-01-12 10:37 . 2008-01-12 10:37 132,608 --a------ C:\Program Files\VundoFix.exe
    2008-01-12 09:34 . 2008-01-13 09:45 227,360 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-01-12 09:34 . 2008-01-13 09:42 3,620 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-01-12 09:31 . 2008-01-12 09:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-01-12 09:31 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2008-01-12 09:31 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2008-01-12 09:31 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2008-01-12 09:31 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2008-01-12 09:31 . 2008-01-12 09:32 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2008-01-12 09:29 . 2008-01-12 10:47 <REP> d-------- C:\WINDOWS\Internet Logs
    2008-01-12 09:25 . 2008-01-12 09:25 210,416 --a------ C:\Program Files\zaSetup_fr.exe
    2008-01-09 21:24 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-09 21:24 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-09 21:24 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2008-01-09 21:24 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-09 21:24 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-09 21:24 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-09 21:24 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-09 21:24 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-08 19:16 . 2008-01-08 19:16 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
    2008-01-08 18:49 . 2008-01-09 21:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-01-08 18:31 . 2008-01-08 18:31 <REP> d-------- C:\Program Files\Panda Security
    2008-01-08 18:01 . 2008-01-09 20:29 <REP> d-------- C:\Program Files\HTJ
    2008-01-08 18:01 . 2008-01-08 18:01 318,369 --a------ C:\HiJackThis.zip
    2008-01-06 13:39 . 2008-01-06 13:39 <REP> d-------- C:\Documents and Settings\dany rabory\Application Data\Snapfish
    2008-01-01 11:38 . 2008-01-02 10:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ZangoSA

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-13 08:46 --------- d-----w C:\Program Files\Steam
    2008-01-08 17:36 --------- d-----w C:\Documents and Settings\dany rabory\Application Data\Lavasoft
    2008-01-02 17:39 --------- d-----w C:\Documents and Settings\dany rabory\Application Data\Skype
    2007-12-13 18:27 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-11-19 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-03-20 01:24 251 ----a-w C:\Program Files\wt3d.ini
    2007-01-19 16:17 0 ----a-w C:\Documents and Settings\dany rabory\Application Data\wklnhst.dat
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{014B52FC-3FF4-472C-A0F7-B0E52C924052}]
    C:\WINDOWS\system32\sstqp.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6}]
    C:\WINDOWS\system32\ddabx.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 22:57 395776]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 17:05 68856]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
    "Steam"="c:\program files\steam\steam.exe" [2007-11-30 00:38 1266936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 00:07 8491008]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 04:00 282624 C:\WINDOWS\stsystra.exe]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-22 22:36 1838592]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 21:29 32768]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 15:20 462336]
    "DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
    "bacstray"="C:\Program Files\Broadcom\BACS\BacsTray.exe" [2006-06-03 23:37 118784]
    "MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 13:49 1121280]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 00:06 487424]
    "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 16:04 707376]
    "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 16:01 277296]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-16 00:15 366400]
    "nwiz"="nwiz.exe" [2007-09-17 00:07 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 00:07 81920]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [2005-12-06 16:11]
    R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 16:01]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
    S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 14:12]
    S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 14:12]
    S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 14:12]
    S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 14:12]
    S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 14:12]
    S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 14:12]
    S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 14:12]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-12 10:34:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-13 09:46:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-13 9:48:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-13 08:48:38
    .
    2008-01-08 11:41:15 --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:53:16, on 13/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - C:\WINDOWS\system32\sstqp.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - C:\WINDOWS\system32\ddabx.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
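The two `(no name)` BHO entries in the log above (sstqp.dll and ddabx.dll, both `(file missing)` yet still listed under Browser Helper Objects in the ComboFix registry dump) are what a helper looks at first when reading this kind of report. The script below is an added example for this thread, not a tool used by any of the posters: it parses HijackThis O2/O3 lines, applies a few heuristics (no display name, file missing on disk, short random-looking DLL name directly in system32, CLSID still present in the ComboFix "Reg loading points" section) and lists the entries worth checking. The sample log lines are constructed to mirror the ones posted above, and the "five lowercase letters" filename heuristic is an assumption drawn from those two entries, not a rule from HijackThis or ComboFix.

```python
"""Triage of HijackThis O2/O3 (BHO and toolbar) lines.

Added example for this thread, not a tool used by any of the posters.  The
sample inputs are constructed to mirror the logs posted above.
"""
import re

# Constructed sample, shaped like the HijackThis log above (the O4 line is a control).
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - C:\WINDOWS\system32\ddabx.dll (file missing)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Constructed sample, shaped like the ComboFix "Reg loading points" section above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{014B52FC-3FF4-472C-A0F7-B0E52C924052}]
C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6}]
C:\WINDOWS\system32\ddabx.dll
"""

LINE_RE = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Assumption: a bare five-letter lowercase DLL dropped straight into system32
# is the shape of the two suspect entries above; legitimate BHOs carry a
# display name and live under Program Files.
RANDOM_DLL_RE = re.compile(r"^[a-z]{5}\.dll$")

FLAG_NO_NAME = "no display name"
FLAG_MISSING = "file missing on disk, registration left behind"
FLAG_RANDOM = "random-looking DLL name directly in system32"
FLAG_STILL_REG = "CLSID still listed in ComboFix reg loading points"


def parse_hjt_entries(text):
    """One dict per O2/O3 line; every other HijackThis section is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        target = e.pop("target")
        e["missing"] = target.endswith("(file missing)") or target == "(no file)"
        e["path"] = "" if target == "(no file)" else target.replace("(file missing)", "").strip()
        entries.append(e)
    return entries


def combofix_clsids(text):
    """CLSIDs of Browser Helper Objects keys that ComboFix still found in the registry."""
    found = set()
    for line in text.splitlines():
        if "Browser Helper Objects" in line:
            m = CLSID_RE.search(line)
            if m:
                found.add(m.group(0).upper())
    return found


def flag_entry(entry, registered=frozenset()):
    """Return the heuristics an entry trips, in a fixed order (empty list = looks benign)."""
    flags = []
    if entry["name"] == "(no name)":
        flags.append(FLAG_NO_NAME)
    if entry["missing"]:
        flags.append(FLAG_MISSING)
    directory, _, filename = entry["path"].lower().rpartition("\\")
    if directory.endswith("\\windows\\system32") and RANDOM_DLL_RE.match(filename):
        flags.append(FLAG_RANDOM)
    if entry["clsid"].upper() in registered:
        flags.append(FLAG_STILL_REG)
    return flags


def triage(hjt_text, combofix_text=""):
    """Map CLSID -> flags for every O2/O3 entry that trips at least one heuristic."""
    registered = combofix_clsids(combofix_text)
    report = {}
    for entry in parse_hjt_entries(hjt_text):
        flags = flag_entry(entry, registered)
        if flags:
            report[entry["clsid"].upper()] = flags
    return report


if __name__ == "__main__":
    for clsid, flags in triage(SAMPLE_HJT, SAMPLE_COMBOFIX).items():
        print(clsid, "->", "; ".join(flags))
```

Run as a script it prints the three flagged CLSIDs with their reasons; the Adobe and Java BHOs trip nothing. The flags only rank what to look at, they are not a verdict: an entry whose DLL is gone but whose CLSID is still registered is usually a leftover registration, while a DLL that is still on disk under a random name should be examined before anything is deleted.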
  6. Lyonnais92 (Posts: 25708, Status: Security Contributor, 1 537)
    Bonjour,

    Could I have the BTFix report?
  7. paulchette
     
    BTFix 1.069 (by bibi26) - 13/01/2008 11:43:16 - Scan
    Launched from C:\Documents and Settings\dany rabory\Bureau\BTFix\BTFix.exe

    ---> Files/Folders found

    - C:\Documents and Settings\All Users\Application Data\ZangoSA
    - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
    - C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Seekmo

    ---> Scan finished
  8. Lyonnais92 (Posts: 25708, Status: Security Contributor, 1 537)
    Re,

    You missed this from post 3:

    Start in safe mode:
    To do so, tap the F8 key repeatedly from the very start of the PC boot, without stopping.
    A window will open; use the keyboard arrows to move to "start in safe mode", then press Enter.
    Once on the desktop, if not all the colours and so on are there, that's normal!
    (If F8 doesn't work, use the F5 key.)
    ----------------------------------------------------------------------------
    Double-click BTFix.exe.
    Click Clean.

    Do it again and then post the report.
  9. paulchette
     
    BTFix 1.069 (by bibi26) - 13/01/2008 13:24:16 - Cleaning - Safe mode
    Launched from C:\Documents and Settings\dany rabory\Bureau\BTFix\BTFix.exe

    ---> Files/folders deleted (First pass)

    - Temporary files erased
    - C:\Documents and Settings\All Users\Application Data\ZangoSA\*.*
    - C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65\*.*
    - C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Seekmo\*.*

    ---> Cleaning finished
  10. Lyonnais92 (Posts: 25708, Status: Security Contributor, 1 537)
    Re,

    How is the computer doing?

    Post another HijackThis report.
  11. paulchette
     
    I don't think it's cured: when I turn it on, ZoneAlarm tells me: The firewall blocked access to your computer [NetBIOS session] from 75.8.88.166.207.102.Fbx.proxad.net

    and it says 11 intrusions blocked, high-level alert.

    I have to disable the firewall to get on the internet.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:18:57, on 13/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - C:\WINDOWS\system32\sstqp.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - C:\WINDOWS\system32\ddabx.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
  12. Lyonnais92 (Posts: 25708, Status: Security Contributor, 1 537)
    Re,

    There is no reason for ZA to block your internet access.

    Did you allow generic host process ... (c:\windows\system32\svchost.exe) to access the Internet?
  13. paulchette
     
    I DON'T UNDERSTAND YOUR QUESTION
    ZA does nothing but send alerts; I allow everything but it makes no difference, I still have to turn it off to get internet access. What should I do?
  14. Lyonnais92 (Posts: 25708, Status: Security Contributor, 1 537)
    Re,

    remets le parefeu de windows, désinstalel ZA.

    fais ça :

    Lis bien et exécute cette manip dans l’ordre.

    #Télécharge et installe ces logiciels (si tu ne les as pas) pour les 3 premiers
    mets les à jour, comme indiqué dans les démos ou tutos.

    Ne les utilise pas tout de suite.

    Antispywares et autres :

    *Ad-Aware (gratuit)
    Téléchargement :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
    Le patch en Français pour Ad-Aware (gratuit) :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
    Tuto :
    http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

    *Spybot (gratuit) :
    Téléchargement :
    http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
    voir demo d utilisation (merci Balltrap)
    http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

    * AVG AS

    AVG anti spyware
    https://www.01net.com/telecharger/
    Mets le a jour avant de lancer le scan.
    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    Nettoyeurs (de fichiers inutiles) et autres :

    *Ccleaner (gratuit)
    Téléchargement :
    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
    Tuto :
    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    Lors de l’installation, [décoche] l’option qui t’installerait la barre Yahoo !

    ========================================
    ->Affiche tous les fichiers et dossiers :
    clique sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage

    [Coche] « afficher les dossiers et fichiers cachés »

    [Décoche] la case « Masquer les fichiers protégés du système d'exploitation (recommandé) »

    [Décoche] « masquer les extensions dont le type est connu »

    Puis fais [appliquer] pour valider les changements.

    Et [Ok]
    =
    =======================================

    ->Start in Safe Mode:
    To do that, tap the F8 key repeatedly from the moment the PC powers on, without stopping
    A window will open; use the arrow keys to move to Safe Mode
    then press "Enter".
    Once on the desktop, if not all the colours and so on are there, that's normal!
    (If F8 doesn't work, use the F5 key.)
    ========================================
    ->Run CCleaner.

    Deleting temporary files

    Go to the "Options" section in the left-hand margin.
    Uncheck "Advanced"
    Then go back to the "Cleaner" section
    Make sure you check all these boxes in the left-hand margin (Internet Explorer / Windows Explorer / System)
    • Click [Analyze]
    • Wait for the scan, which can take a little while the first time.
    • Once the scan is finished, click [Run Cleaner]

    ========================================
    ->Run AVG for a full scan: "Scanner" -> "Settings"

    Under the question "How to act?":

    -> click "Recommended actions" and choose "Quarantine"
    -> Click the "Scanner" tab again and run a "Complete System Scan"

    If a file is infected at the end of the scan

    ->Click "Apply all actions"

    ->Click "Save report" then "Save report as".

    ->Save this text file to your desktop and [copy/paste the report to the forum]
    ========================================
    ->Run Ad-Aware and delete everything it finds + delete the quarantines...
    ========================================
    ->Run Spybot and fix everything it finds + immunize + delete the quarantines...
    ========================================
    ->Run CCleaner again.
    Removing registry inconsistencies

    • Click the [Issues] icon in the left-hand margin
    • Then click [Scan for Issues]
    • Wait while CCleaner scans your registry.
    • Once the scan is finished, check all the entries it has found.
    • You can then click [Fix selected issues].

    If you're not sure what you're doing, you can choose to back up the checked entries so you can restore them later.
    ========================================
    ->Empty your Recycle Bin.
    ========================================
    ->Restart in normal mode,

    - > Open this link to scan your PC with BitDefender online (Internet Explorer only):

    https://www.bitdefender.com/toolbox/

    Usage:
    Click "I accept", then also accept the ActiveX control blocked by the SP2 pop-up blocker bar that will flash at the top, and install it.
    Then click "Click here to scan".
    Wait until the end of the scan, which can take quite a long time...

    Copy/paste the whole report to the forum.

    Illustrated tutorial here: http://pageperso.aol.fr/rginformatique/mapage/defender.htm (thanks to Balltrap34 for making it)
    [Re-check] the box "Hide protected operating system files (Recommended)"

    Run HijackThis again and copy/paste a new report to the forum.
    0
  15. paulchette
     
    the 3 reports:

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 19:16:05 13/01/2008

    + Résultat de l'analyse:

    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@site.skype[1].txt -> TrackingCookie.Skype : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@skype[1].txt -> TrackingCookie.Skype : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Documents and Settings\paulo lourenço\Cookies\paulo_lourenco@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.

    Fin du rapport

    BitDefender Online Scanner

    Scan report generated at: Sun, Jan 13, 2008 - 21:51:26

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

    Statistics

    Time
    00:50:38

    Files
    323331

    Folders
    7306

    Boot Sectors
    4

    Archives
    4380

    Packed Files
    18908

    Results

    Identified Viruses
    2

    Infected Files
    16

    Suspect Files
    0

    Warnings
    0

    Disinfected
    0

    Deleted Files
    16

    Engines Info

    Virus Definitions
    889930

    Engine build
    AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

    Scan plugins
    14

    Archive plugins
    38

    Unpack plugins
    7

    E-mail plugins
    6

    System plugins
    1

    Scan Settings

    First Action
    Disinfect

    Second Action
    Delete

    Heuristics
    Yes

    Enable Warnings
    Yes

    Scanned Extensions
    *;

    Exclude Extensions

    Scan Emails
    Yes

    Scan Archives
    Yes

    Scan Packed
    Yes

    Scan Files
    Yes

    Scan Boot
    Yes

    Scanned File
    Status

    C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
    Infected with: Trojan.Vundo.DVS

    C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
    Disinfection failed

    C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini2.vir
    Infected with: Trojan.Vundo.DVS

    C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini2.vir
    Disinfection failed

    C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini2.vir
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092445.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092445.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092445.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0093447.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0093447.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0093447.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0093515.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0093515.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0093515.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0094447.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0094447.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP359\A0094447.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP360\A0094539.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP360\A0094539.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP360\A0094539.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP361\A0094613.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP361\A0094613.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP361\A0094613.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0094937.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0094937.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0094937.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095908.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095908.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095908.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095916.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095916.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095916.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095931.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095931.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095931.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095939.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095939.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP363\A0095939.ini
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
    Infected with: Trojan.Vundo.DVO

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
    Deleted

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP366\A0097417.ini
    Infected with: Trojan.Vundo.DVS

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP366\A0097417.ini
    Disinfection failed

    C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP366\A0097417.ini
    Deleted

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:06:29, on 13/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070116
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - (no file)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\BacsTray.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
    O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
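Every one of the 16 BitDefender hits above sits either in the QooBox quarantine folder or under System Volume Information, i.e. inside System Restore points, which is why flushing System Restore is the next step rather than a new round of scanning. The following Python script is an added example (it is not from the thread and is not BitDefender tooling): it parses the "Scanned File / Status" section of such a report and groups the hits by location, so a helper can see at a glance whether anything outside the restore points and quarantine is still infected. The sample report is constructed from a subset of the lines posted above; function names are mine.

```python
"""Summarize a BitDefender Online Scanner report by where the hits live.

Added example (not from the thread, not BitDefender's own tooling): groups each
reported file by location (restore point, quarantine folder, or a live path)
and lists files for which no successful action was recorded.
"""
import re
from collections import defaultdict

# A "Scanned File / Status" entry is a path line followed by a status line.
PATH_RE = re.compile(r"^[A-Za-z]:\\")
INFECTED_RE = re.compile(r"^Infected with: (?P<name>.+)$")

# Constructed sample: a subset of the report posted above.
SAMPLE_REPORT = r"""
Scan path: C:\;D:\;

Scanned File
Status

C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
Infected with: Trojan.Vundo.DVS

C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
Disinfection failed

C:\QooBox\Quarantine\C\WINDOWS\system32\pqtss.ini.vir
Deleted

C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
Infected with: Trojan.Vundo.DVS

C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
Disinfection failed

C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP358\A0092436.ini
Deleted

C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
Infected with: Trojan.Vundo.DVO

C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP365\A0097374.dll
Deleted
"""


def parse_report(text):
    """Map each scanned path to its detection name and the list of actions taken."""
    lines = [line.strip() for line in text.splitlines()]
    records = {}
    i = 0
    while i < len(lines) - 1:
        path, status = lines[i], lines[i + 1]
        if PATH_RE.match(path) and status and not PATH_RE.match(status):
            rec = records.setdefault(path, {"name": None, "actions": []})
            m = INFECTED_RE.match(status)
            if m:
                rec["name"] = m.group("name")
            else:
                rec["actions"].append(status)
            i += 2
        else:
            i += 1
    return records


def location_kind(path):
    """Classify a path: 'restore_point', 'quarantine', or 'live' (anything else)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\quarantine\\" in p:
        return "quarantine"
    return "live"


def summarize(text):
    """Counts by location and detection name, plus paths with no successful action."""
    records = parse_report(text)
    by_location = defaultdict(int)
    by_name = defaultdict(int)
    unresolved = []
    for path, rec in records.items():
        by_location[location_kind(path)] += 1
        if rec["name"]:
            by_name[rec["name"]] += 1
        # "Disinfection failed" alone is not a resolution; Deleted/Disinfected is.
        if not {"Deleted", "Disinfected"} & set(rec["actions"]):
            unresolved.append(path)
    return {
        "files": len(records),
        "by_location": dict(by_location),
        "by_name": dict(by_name),
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run it on the full pasted report and a non-empty "live" bucket or a non-empty "unresolved" list is the signal that something beyond restore points still needs attention; on the report above both are empty.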
  16. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    1) Run HijackThis again.

    Choose Do a scan only

    Check the box in front of the following lines

    O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - (no file)
    O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - (no file)

    Close all windows (except HijackThis), including your browser.

    Click Fix checked.

    Close HijackThis.

    2) open this link

    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

    following those instructions, disable System Restore, close to return to the desktop, then re-enable System Restore.

    Restart the computer.

    3) * Download ToolsCleaner by A.Rothstein to your Desktop.

    http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe

    * Click Recherche (Search) and let the scan finish.

    * Click Suppression (Delete) to finalize.

    * If you wish, you can use the Options facultatives (optional options).

    * Click Quitter (Quit) so the report can be created.

    * Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
    0
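The two lines Lyonnais92 asks to fix are O2 entries whose path reads "(no file)": the CLSID is still registered as a Browser Helper Object for Internet Explorer, but the DLL it points to has already been removed, so the entry is a harmless leftover rather than live code. The Python script below is an added example (not from the thread and not part of HijackThis) that parses O2 (BHO) and O3 (toolbar) lines from a HijackThis log and lists the orphaned ones, which is the check a helper does by eye before telling a poster what to tick in "Fix checked". The sample log is constructed from lines of the log posted above; the regular expression and function names are mine.

```python
"""Flag orphaned O2/O3 entries in a HijackThis log.

Added example (not from the thread and not part of HijackThis): an O2 (Browser
Helper Object) or O3 (toolbar) line whose path is "(no file)" is a CLSID that is
still registered for Internet Explorer but whose DLL is gone.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Line shapes this matches:
#   O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-...} - C:\...\AcroIEHelper.dll
#   O2 - BHO: (no name) - {014B52FC-...} - (no file)
HJT_O2_O3 = re.compile(
    r"^(?P<section>O[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)

# Constructed sample built from the log posted above (an O4 line is included to show it is ignored).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {014B52FC-3FF4-472C-A0F7-B0E52C924052} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {EBF2F087-EDCC-42E7-BA9B-25A8DBBC43A6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""


@dataclass
class IeExtension:
    section: str   # "O2" or "O3"
    kind: str      # "BHO" or "Toolbar"
    name: str
    clsid: str
    path: str

    @property
    def orphaned(self) -> bool:
        # Registered CLSID whose DLL no longer exists on disk.
        return self.path.strip().lower() == "(no file)"

    @property
    def unnamed(self) -> bool:
        return self.name.strip().lower() == "(no name)"


def parse_line(line: str) -> Optional[IeExtension]:
    """Parse one O2/O3 line; return None for any other HijackThis line."""
    m = HJT_O2_O3.match(line.strip())
    return IeExtension(**m.groupdict()) if m else None


def parse_log(text: str) -> List[IeExtension]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned_clsids(text: str) -> List[str]:
    """CLSIDs of O2/O3 entries pointing at '(no file)'."""
    return [e.clsid for e in parse_log(text) if e.orphaned]


def unnamed_with_file(text: str) -> List[IeExtension]:
    """Entries with no display name but a DLL on disk: not orphaned, worth a closer look."""
    return [e for e in parse_log(text) if e.unnamed and not e.orphaned]


def lines_to_fix(text: str) -> List[str]:
    """The raw log lines a helper would tell the user to tick before 'Fix checked'."""
    return [line.strip() for line in text.splitlines()
            if (e := parse_line(line)) is not None and e.orphaned]


if __name__ == "__main__":
    for line in lines_to_fix(SAMPLE_LOG):
        print("fix:", line)
```

The distinction the script makes matters for reading these logs: an orphaned entry is registry clutter that "Fix checked" can remove safely, while an unnamed entry that still has a DLL on disk is the case that deserves a file lookup before anything is deleted.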
  17. paulchette
     
    The ToolsCleaner page no longer exists, should I replace it with something else?
    0
  18. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Hello,

    we'll wait, it should come back.

    Re-download ZA and install it (disconnected from the internet).

    Set it to "ask".

    allow svchost (Generic Host Process for Windows)

    allow the others (unless they look suspicious to you).

    A link to find out where the software wants to go:

    https://generic-nic.net/

    paste in the destination IP (ZA gives it to you).
    0
  19. paulchette
     
    hi,

    The page is still not available, do I need to keep waiting? Can I use my computer normally, go on the internet, play online games... without damaging anything?

    Thanks

    See you
    0
  20. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    * Download ToolsCleaner by A.Rothstein to your Desktop.

    http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

    * Click Recherche (Search) and let the scan finish.

    * Click Suppression (Delete) to finalize.

    * If you wish, you can use the Options facultatives (optional options).

    * Click Quitter (Quit) so the report can be created.

    * Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    How is it going with ZA?

    Otherwise, you can use the computer normally.
    0
  21. paulchette
     
    hi,

    well, for the report I messed up a bit: since I couldn't find it I ran another scan, so the report is empty!
    And ZA works,
    But what does all this do for my virus, because in the end it's still there!
    0