Trojan ssttr.dll

Solved
prosper
Hello,
When I launch avast it runs a memory test, and at every startup it finds a virus, SSTTR.DLL, which I delete.
Is this the same trojan as in this topic http://www.commentcamarche.net/forum/affich 2151807 trojan infecte par tr dldr conhook y#0 and should I follow the same instructions, or is it a different problem, and in that case what should I do?
Thanks
The AVG, Spybot and avast scans found nothing.

Logfile of HijackThis v1.99.1
Scan saved at 22:30:55, on 11/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP\Bureau\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AC76C17-A2B4-4665-AB23-079B67BF224C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} - C:\WINDOWS\system32\ddcyawv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {19b83153-c6f1-e6b8-74b4-f37df290b6db} - {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} - C:\WINDOWS\system32\srhcrkfe.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [8cb89184] rundll32.exe "C:\WINDOWS\system32\rpovpamg.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyawv - ddcyawv.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
14 replies

ep44 Messages posted 7432 Status Contributor 3
 
Good evening

Download to the Desktop.
http://www.atribune.org/ccount/click.php?id=4

=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan is fairly long; at the end
=> Click Remove Vundo
=> Then Yes
=> The Desktop disappears for a moment while the files are being deleted.
=> Shutdown message
=> Click OK
=> Automatic restart
=> Copy the report found in C:vundofix.txt

-------------
then
Download to the desktop
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

=> Double-click VirtumundoBeGone.exe
=> Click Continue ==> click Start
=> Click Yes
=> At the end, if Vundo is present, the PC shuts down and restarts
=> If there is a blue screen and the message: Fatal error .. no problem
=> Post the VBG.TXT report found on the desktop

Then, once that is done, run a new HijackThis report
See you
0
prosper
 
Hello, here are the reports:

VundoFix V6.7.7

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Scan started at 10:45:04 12/01/2008

Listing files found while scanning....

C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\gmapvopr.ini
C:\WINDOWS\system32\rpovpamg.dll
C:\WINDOWS\system32\srhcrkfe.dll
C:\WINDOWS\system32\ssttr.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\agsaame.dll
C:\WINDOWS\system32\agsaame.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gmapvopr.ini
C:\WINDOWS\system32\gmapvopr.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rpovpamg.dll
C:\WINDOWS\system32\rpovpamg.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\srhcrkfe.dll
C:\WINDOWS\system32\srhcrkfe.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssttr.exe
C:\WINDOWS\system32\ssttr.exe Has been deleted!

Performing Repairs to the registry.
Done!

VBG report:

[01/12/2008, 11:34:48] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\HP\Bureau\VirtumundoBeGone.exe" )
[01/12/2008, 11:34:53] - Detected System Information:
[01/12/2008, 11:34:53] - Windows Version: 5.1.2600, Service Pack 2
[01/12/2008, 11:34:53] - Current Username: HP (Admin)
[01/12/2008, 11:34:53] - Windows is in NORMAL mode.
[01/12/2008, 11:34:53] - Searching for Browser Helper Objects:
[01/12/2008, 11:34:53] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:34:53] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - No filename found. Continuing.
[01/12/2008, 11:34:53] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:34:53] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:34:53] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:34:53] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:53] - No filename found. Continuing.
[01/12/2008, 11:34:53] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:34:54] - BHO 6: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\ddcyawv
[01/12/2008, 11:34:54] - Found: HKLM\...\Winlogon\Notify\ddcyawv - This is probably Virtumundo.
[01/12/2008, 11:34:54] - Assigning {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} MSEvents Object
[01/12/2008, 11:34:54] - BHO list has been changed! Starting over...
[01/12/2008, 11:34:54] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:34:54] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - No filename found. Continuing.
[01/12/2008, 11:34:54] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:34:54] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:34:54] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - No filename found. Continuing.
[01/12/2008, 11:34:54] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:34:54] - BHO 6: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D} (MSEvents Object)
[01/12/2008, 11:34:54] - ALERT: Found MSEvents Object!
[01/12/2008, 11:34:54] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/12/2008, 11:34:54] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/12/2008, 11:34:54] - BHO 9: {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} ()
[01/12/2008, 11:34:54] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:34:54] - Checking for HKLM\...\Winlogon\Notify\srhcrkfe
[01/12/2008, 11:34:54] - Key not found: HKLM\...\Winlogon\Notify\srhcrkfe, continuing.
[01/12/2008, 11:34:54] - Finished Searching Browser Helper Objects
[01/12/2008, 11:34:54] - *** Detected MSEvents Object
[01/12/2008, 11:34:54] - Trying to remove MSEvents Object...
[01/12/2008, 11:34:55] - Terminating Process: IEXPLORE.EXE
[01/12/2008, 11:34:55] - Terminating Process: RUNDLL32.EXE
[01/12/2008, 11:34:55] - Disabling Automatic Shell Restart
[01/12/2008, 11:34:55] - Terminating Process: EXPLORER.EXE
[01/12/2008, 11:34:56] - Suspending the NT Session Manager System Service
[01/12/2008, 11:34:56] - Terminating Windows NT Logon/Logoff Manager
[01/12/2008, 11:39:58] - Re-enabling Automatic Shell Restart
[01/12/2008, 11:39:58] - File to disable: C:\WINDOWS\system32\ddcyawv.dll
[01/12/2008, 11:39:58] - Removing HKLM\...\Browser Helper Objects\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:58] - Removing HKCR\CLSID\{A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:59] - Adding Kill Bit for ActiveX for GUID: {A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D}
[01/12/2008, 11:39:59] - Deleting ATLEvents/MSEvents Registry entries
[01/12/2008, 11:39:59] - Removing HKLM\...\Winlogon\Notify\ddcyawv
[01/12/2008, 11:39:59] - Searching for Browser Helper Objects:
[01/12/2008, 11:39:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[01/12/2008, 11:39:59] - BHO 2: {2AC76C17-A2B4-4665-AB23-079B67BF224C} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - No filename found. Continuing.
[01/12/2008, 11:39:59] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[01/12/2008, 11:39:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[01/12/2008, 11:39:59] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - No filename found. Continuing.
[01/12/2008, 11:39:59] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[01/12/2008, 11:39:59] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/12/2008, 11:39:59] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[01/12/2008, 11:39:59] - BHO 8: {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} ()
[01/12/2008, 11:39:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/12/2008, 11:39:59] - Checking for HKLM\...\Winlogon\Notify\srhcrkfe
[01/12/2008, 11:39:59] - Key not found: HKLM\...\Winlogon\Notify\srhcrkfe, continuing.
[01/12/2008, 11:39:59] - Finished Searching Browser Helper Objects
[01/12/2008, 11:39:59] - Finishing up...
[01/12/2008, 11:39:59] - A restart is needed.
[01/12/2008, 11:41:05] - Attempting to Restart via STOP error (Blue Screen!)

Logfile of HijackThis v1.99.1
Scan saved at 11:44:16, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP\Bureau\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AC76C17-A2B4-4665-AB23-079B67BF224C} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {19b83153-c6f1-e6b8-74b4-f37df290b6db} - {bd6b092f-d73f-4b47-8b6e-1f6c35138b91} - C:\WINDOWS\system32\srhcrkfe.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [8cb89184] rundll32.exe "C:\WINDOWS\system32\rpovpamg.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html

an53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

See you
0
prosper
 
Hi again, I no longer have a problem when avast starts, but when Windows starts it tells me it cannot load SSTTR and RPOVPAMG.
See you
0
ep44 Messages posted 7432 Status Contributor 3
 
Let's continue

Download ComboFix (sUBs): http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Double-click ComboFix,
Wait for ComboFix to finish; a report will be created. Post the report.
See you
0

prosper
 
Here is my scan:
ComboFix 08-01-11.3 - HP 2008-01-12 18:28:22.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.618 [GMT 1:00]
Running from: C:\Documents and Settings\HP\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\eoyrnfic.ini
C:\WINDOWS\system32\f1
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\r3
C:\WINDOWS\system32\RCXE.tmp
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\y2

C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe ---> avgas.exe
C:\WINDOWS\system32\ctfmon .exe ---> QooBox
.
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.

2008-01-12 18:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 10:45 . 2008-01-12 10:45 <REP> d-------- C:\VundoFix Backups
2008-01-11 22:07 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-11 22:07 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-11 22:07 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-11 22:07 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 22:07 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-11 22:07 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 22:07 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 22:07 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-05 13:58 . 2008-01-05 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-30 11:27 . 2007-12-30 11:27 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 11:27 . 2007-12-30 11:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 11:27 . 2007-12-30 11:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 11:27 . 2007-12-30 11:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 11:02 . 2007-12-30 11:03 <REP> d-------- C:\Documents and Settings\HP\.housecall6.6
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\WINDOWS\system32\ardCo01
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\Temp\cEeer12
2007-12-30 01:51 . 2008-01-12 18:34 <REP> d-------- C:\Temp
2007-12-23 17:45 . 2007-12-23 17:46 <REP> d-------- C:\Program Files\iTunes
2007-12-23 17:45 . 2007-12-23 17:45 <REP> d-------- C:\Program Files\iPod
2007-12-23 17:43 . 2008-01-05 14:36 <REP> d-------- C:\Program Files\QuickTime
2007-12-23 17:42 . 2007-12-23 17:42 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 17:18 . 2007-12-17 17:18 <REP> d-------- C:\Program Files\Codemasters
2007-12-17 17:18 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 17:25 --------- d-----w C:\Documents and Settings\HP\Application Data\Azureus
2008-01-11 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-11 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 10:32 --------- d-----w C:\Program Files\lx_cats
2007-12-24 08:27 --------- d-----w C:\Documents and Settings\HP\Application Data\Apple Computer
2007-12-23 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-23 13:05 --------- d-----w C:\Program Files\Azureus
2007-12-17 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 08:52 --------- d-----w C:\Documents and Settings\HP\Application Data\OpenOffice.org2
2007-12-09 15:30 --------- d-----w C:\Program Files\Maxis
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\HP\Application Data\Nokia
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-05 20:40 --------- d-----w C:\Program Files\Nokia
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-12-05 20:39 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-05 20:39 --------- d-----w C:\Program Files\DIFX
2007-12-05 20:39 --------- d-----w C:\Documents and Settings\HP\Application Data\PC Suite
2007-12-05 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-01 11:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-22 13:35 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2007-11-22 12:57 --------- d-----w C:\Program Files\EA GAMES
2007-11-18 12:36 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-15 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 08:13 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-22 18:46 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-22 18:46 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-10-22 18:46 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-10-22 18:46 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-22 18:24 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-10-22 18:24 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-10-22 18:24 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2006-12-22 21:32 47,360 -c--a-w C:\Documents and Settings\HP\Application Data\pcouffin.sys
2006-06-12 13:15 701,511 ----a-w C:\Documents and Settings\reparation\WinsockFix.zip
2006-04-30 16:52 41,384 ----a-w C:\Documents and Settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2006-01-04 20:20 2,897,821 ----a-w C:\Program Files\bsplayer137.826.exe
2005-05-27 13:22 824,832 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\Ad-Aware.exe
2005-05-25 15:08 162,816 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\unregaaw.exe
2003-05-13 09:06 1,445,888 ----a-w C:\Documents and Settings\reparation\WinsockFix.exe
2001-09-28 16:00 164,864 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\UNWISE.EXE
.
----a-w 68,856 2008-01-05 10:32:07 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 32,881 2008-01-05 10:31:55 C:\Program Files\Java\j2re1.4.2_05\bin\jusched .exe
----a-w 286,720 2007-12-30 10:15:35 C:\Program Files\QuickTime\QTTask .exe
----a-w 688,218 2008-01-05 10:31:57 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-05 10:31:55 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 919,016 2008-01-05 13:45:54 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd6b092f-d73f-4b47-8b6e-1f6c35138b91}]
C:\WINDOWS\system32\srhcrkfe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"8cb89184"="C:\WINDOWS\system32\rpovpamg.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
R3 HidMouse Filter;HidMouse Filter;C:\WINDOWS\system32\Drivers\HidMouse.sys [2004-03-21 22:25]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 20:23]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-24 17:40]
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 19:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\meipoidto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL meipoidto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{943b53c2-067d-11db-b0b0-00c09f89de2c}]
\Shell\Auto\command - G:\xkfykveze.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xkfykveze.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a6f0d7-9ee2-11da-aff4-00c09f89de2c}]
\Shell\AutoRun\command - E:\jedi.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-04-29 13:55:20 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1138368217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 18:38:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 18:41:55 - machine was rebooted [HP]
ComboFix-quarantined-files.txt 2008-01-12 17:41:51
.
2008-01-10 02:04:56 --- E O F ---
See you
0
ep44 Posts 7432 Status Contributor 3
 
Select this

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd6b092f-d73f-4b47-8b6e-1f6c35138b91}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8cb89184"=-


=> Copy the selected text (CTRL+C).
=> Open Notepad (Programs > Accessories > Notepad).
=> Paste the copied text into Notepad (CTRL+V).
=> Save this file under the name CFScript.txt
=> Drag and drop this CFScript file onto the ComboFix.exe file
=> A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
=> Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
=> Once the scan is complete, a report will be displayed: post its contents.
=> If the file does not open, it is located here > C:\ComboFix.txt

See you
0
prosper
 
Here is the ComboFix report:
ComboFix 08-01-11.3 - HP 2008-01-12 20:13:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.562 [GMT 1:00]
Running from: C:\Documents and Settings\HP\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP\Bureau\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.

2008-01-12 18:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 10:45 . 2008-01-12 10:45 <REP> d-------- C:\VundoFix Backups
2008-01-11 22:07 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-11 22:07 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-11 22:07 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-11 22:07 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-11 22:07 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-11 22:07 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-11 22:07 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-11 22:07 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-05 13:58 . 2008-01-05 13:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-30 11:27 . 2007-12-30 11:27 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-30 11:27 . 2007-12-30 11:27 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-30 11:27 . 2007-12-30 11:27 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-30 11:27 . 2007-12-30 11:27 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-30 11:02 . 2007-12-30 11:03 <REP> d-------- C:\Documents and Settings\HP\.housecall6.6
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\WINDOWS\system32\ardCo01
2007-12-30 01:51 . 2007-12-30 01:51 <REP> d-------- C:\Temp\cEeer12
2007-12-30 01:51 . 2008-01-12 18:34 <REP> d-------- C:\Temp
2007-12-23 17:45 . 2007-12-23 17:46 <REP> d-------- C:\Program Files\iTunes
2007-12-23 17:45 . 2007-12-23 17:45 <REP> d-------- C:\Program Files\iPod
2007-12-23 17:43 . 2008-01-05 14:36 <REP> d-------- C:\Program Files\QuickTime
2007-12-23 17:42 . 2007-12-23 17:42 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2007-12-23 17:41 . 2007-12-23 17:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 17:18 . 2007-12-17 17:18 <REP> d-------- C:\Program Files\Codemasters
2007-12-17 17:18 . 1999-04-23 22:22 151,552 --a------ C:\WINDOWS\system32\MSOSS.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 17:25 --------- d-----w C:\Documents and Settings\HP\Application Data\Azureus
2008-01-11 21:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-11 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 10:32 --------- d-----w C:\Program Files\lx_cats
2007-12-24 08:27 --------- d-----w C:\Documents and Settings\HP\Application Data\Apple Computer
2007-12-23 16:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-23 13:05 --------- d-----w C:\Program Files\Azureus
2007-12-17 16:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-17 08:52 --------- d-----w C:\Documents and Settings\HP\Application Data\OpenOffice.org2
2007-12-09 15:30 --------- d-----w C:\Program Files\Maxis
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\HP\Application Data\Nokia
2007-12-05 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2007-12-05 20:40 --------- d-----w C:\Program Files\Nokia
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2007-12-05 20:40 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2007-12-05 20:39 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-12-05 20:39 --------- d-----w C:\Program Files\DIFX
2007-12-05 20:39 --------- d-----w C:\Documents and Settings\HP\Application Data\PC Suite
2007-12-05 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-01 11:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-11-22 13:35 --------- d-----w C:\Program Files\Fichiers communs\DirectX
2007-11-22 12:57 --------- d-----w C:\Program Files\EA GAMES
2007-11-18 12:36 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2007-11-15 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 08:13 --------- d-----w C:\Program Files\Spyware Doctor
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-22 18:46 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-10-22 18:46 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-10-22 18:46 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-10-22 18:46 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-10-22 18:24 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-10-22 18:24 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-10-22 18:24 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-04-23 16:39 16,411,643 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_22_13_21_43_full.dmp.zip
2007-04-23 16:39 104,618 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_22_13_14_15_small.dmp.zip
2006-12-22 21:32 47,360 -c--a-w C:\Documents and Settings\HP\Application Data\pcouffin.sys
2006-06-12 13:15 701,511 ----a-w C:\Documents and Settings\reparation\WinsockFix.zip
2006-04-30 16:52 41,384 ----a-w C:\Documents and Settings\HP\Application Data\GDIPFONTCACHEV1.DAT
2006-01-04 20:20 2,897,821 ----a-w C:\Program Files\bsplayer137.826.exe
2005-05-27 13:22 824,832 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\Ad-Aware.exe
2005-05-25 15:08 162,816 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\unregaaw.exe
2003-05-13 09:06 1,445,888 ----a-w C:\Documents and Settings\reparation\WinsockFix.exe
2001-09-28 16:00 164,864 ----a-w C:\Documents and Settings\Ad-Aware SE Personal\UNWISE.EXE
.
----a-w 68,856 2008-01-05 10:32:07 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 32,881 2008-01-05 10:31:55 C:\Program Files\Java\j2re1.4.2_05\bin\jusched .exe
----a-w 286,720 2007-12-30 10:15:35 C:\Program Files\QuickTime\QTTask .exe
----a-w 688,218 2008-01-05 10:31:57 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 98,394 2008-01-05 10:31:55 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w 919,016 2008-01-05 13:45:54 C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe

((((((((((((((((((((((((((((( snapshot@2008-01-12_18.41.37.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-12 17:27:57 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-12 19:13:27 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-12 17:27:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-12 19:13:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-12 17:27:58 8,519,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-12 19:13:28 8,519,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-12 17:27:58 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-12 19:13:28 49,152 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-12 17:27:58 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-12 19:13:28 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-12 17:27:59 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-12 19:13:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-12 10:55:02 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-12 17:42:03 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-12 10:55:02 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-12 17:42:03 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-12 10:55:02 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-12 17:42:03 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-12 10:55:02 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-12 17:42:03 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [ ]
"!AVG Anti-Spyware"="C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"LXCYCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll" [2005-12-01 19:38 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\WINDOWS\warnhp.html
FriendlyName= Desktop Uninstall

R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2005-06-29 01:38]
R3 HidMouse Filter;HidMouse Filter;C:\WINDOWS\system32\Drivers\HidMouse.sys [2004-03-21 22:25]
R3 lxcy_device;lxcy_device;C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 20:23]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-12-24 17:40]
S3 el575nd5;Pilote de carte réseau PC Card 3Com Megahertz 10/100 CardBus;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 19:10]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\Auto\command - C:\meipoidto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL meipoidto.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{943b53c2-067d-11db-b0b0-00c09f89de2c}]
\Shell\Auto\command - G:\xkfykveze.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL xkfykveze.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a6f0d7-9ee2-11da-aff4-00c09f89de2c}]
\Shell\AutoRun\command - E:\jedi.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-04-29 13:55:20 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1138368217.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-12 20:15:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-12 20:16:05
ComboFix-quarantined-files.txt 2008-01-12 19:15:43
ComboFix2.txt 2008-01-12 17:41:55
.
2008-01-10 02:04:56 --- E O F ---
See you
0
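Added example, not part of the thread and not ComboFix's own code: a Python check that reads the delete directives from the CFScript posted above and confirms, against the registry load-point sections of the two ComboFix reports, that each targeted entry is no longer listed. The three sample strings are excerpts copied from the thread; the function names are hypothetical.

```python
import re

# Excerpts copied from the thread: the CFScript, then the registry load-point
# section of the report posted before the script ran and the one posted after.
CFSCRIPT = r"""registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd6b092f-d73f-4b47-8b6e-1f6c35138b91}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8cb89184"=-
"""
BEFORE = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bd6b092f-d73f-4b47-8b6e-1f6c35138b91}]
C:\WINDOWS\system32\srhcrkfe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"8cb89184"="C:\WINDOWS\system32\rpovpamg.dll" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"""
AFTER = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"""

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')   # [KEY] or [-KEY]
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')          # "name"=data or "name"=-


def parse_cfscript(text):
    """Return the delete directives found after the 'registry::' line."""
    directives, key, in_registry = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() == "registry::":
            in_registry = True
            continue
        if not in_registry or not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2).lower()          # registry paths are case-insensitive
            if m.group(1):                    # leading '-' removes the whole key
                directives.append(("delete_key", key, None))
                key = None
            continue
        m = VAL_RE.match(line)
        if m and key and m.group(2) == "-":   # "name"=- removes a single value
            directives.append(("delete_value", key, m.group(1)))
    return directives


def parse_report(text):
    """Map each listed key (lower-cased) to {value name: data}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(2).lower(), {})
        elif not line:
            current = None                    # a blank line closes the section
        elif current is not None:
            m = VAL_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2)
            else:
                current[""] = line            # unnamed line, e.g. the BHO's DLL path
    return keys


def verify(directives, report):
    """Return {directive: True when its target is no longer listed}."""
    results = {}
    for kind, key, name in directives:
        if kind == "delete_key":
            results[(kind, key, name)] = key not in report
        else:
            results[(kind, key, name)] = name not in report.get(key, {})
    return results


if __name__ == "__main__":
    todo = parse_cfscript(CFSCRIPT)
    for label, text in (("before", BEFORE), ("after", AFTER)):
        for directive, gone in verify(todo, parse_report(text)).items():
            print(label, "removed" if gone else "STILL LISTED", directive)
```

The report states that empty and legitimate default items are not listed, so a pass here means "no longer listed in the report"; the HijackThis rerun requested next in the thread is the second confirmation.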
ep44 Posts 7432 Status Contributor 3
 
Run HijackThis again, please
0
prosper
 
Sorry, here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 03:41:03, on 13/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Azureus\Azureus.exe
C:\Documents and Settings\HP\Bureau\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\avgas .exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\HP\Bureau\AVG antispy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
0
ep44 Posts 7432 Status Contributor 3
 
Hello

Have a look at this link.
http://www.commentcamarche.net/faq/sujet 3446 windows xp mon pc rame que faire
Follow the steps in that link; once done, restart your PC and tell me if you still have any problems.
See you
0
prosper
 
Hello,
Great, everything is back to normal.
Thank you very much for your time and attention.
See you
0
ep44 Posts 7432 Status Contributor 3
 
You can remove all the software we used.
Go to Add/Remove Programs and into Program Files
to check.

Then do this (IMPORTANT)

=> Start
=> Control Panel
=> System
=> System Restore tab
=> tick the box (Turn off System Restore)
=> restart the computer
=> then turn it back on
-------------------------------------------
Useful software to have

=> CCleaner
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial
https://forums.cnetfrance.fr

=> Ad-aware SE (passive scan)
https://www.google.com or http://www.lavasoft.de/support/download/#free
Tutorials:
http://home.tiscali.be/schouppeguy/adawarese/adawase.htm

=> SpyBot-Search & Destroy 1.5 (passive scan + preventive protection with its 2 resident modules, its immunizations and its Hosts list)

https://www.safer-networking.org/download/

Usage demo
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
Tutorial:
http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm

=> a² free (anti-trojans) (passive scan)

- Download: https://www.emsisoft.com/fr/home/antimalware/
- Tutorial: http://perso.orange.fr/jesses/Docs/Logiciels/a-squared.htm

=> ZebProtect (application that requires no installation)

https://www.zebulon.fr/dossiers/autres/40-zebprotect.html
http://telechargement.zebulon.fr/123.html

See you
0
prosper
 
Done,
Thanks again!
0
ep44 Posts 7432 Status Contributor 3
 
My pleasure ;-)
0