Win32.delf.my + win32.BHO.ati - Page 2

Précédent
  • 1
  • 2
  1. Scarecrow
     
    Je vois que le scan par bitdefender risque de prendre un peu de temps, je le poste ici des que j'en ai la possibilite.
    0
  2. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok
    @+
    0
  3. Scarecrow
     
    C:\Documents and Settings\Scarecrow\Bureau\ComboFix.exe=>(RAR Sfx o)
    Infected with: Trojan.Bat.Sdel.B

    C:\Documents and Settings\Scarecrow\Bureau\ComboFix.exe=>(RAR Sfx o)
    Deleted

    C:\Documents and Settings\Scarecrow\Bureau\ComboFix.exe
    Update failed

    C:\Program Files\Alcohol Soft\Alcohol 120\patch.exe
    Infected with: Packer.FSG.A

    C:\Program Files\Alcohol Soft\Alcohol 120\patch.exe
    Disinfection failed

    C:\Program Files\Alcohol Soft\Alcohol 120\patch.exe
    Deleted

    C:\Program Files\True Sword 4\backuped\1\system3.exe
    Infected with: Trojan.PWS

    C:\Program Files\True Sword 4\backuped\1\system3.exe
    Deleted

    C:\QooBox\Quarantine\C\Program Files\system2.exe.vir
    Infected with: Trojan.Agent.BFB

    C:\QooBox\Quarantine\C\Program Files\system2.exe.vir
    Deleted

    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000107.exe
    Infected with: Trojan.Agent.BFB

    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000107.exe
    Deleted

    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000367.exe
    Infected with: Packer.FSG.A

    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000367.exe
    Disinfection failed

    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000367.exe
    Deleted

    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000368.exe
    Infected with: Trojan.PWS

    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000368.exe
    Deleted

    E:\Download\Crack\Alcohol 120% v1[1].9.5.3105\Alcohol 120% v1.9.5.3105\patch.exe
    Infected with: Packer.FSG.A

    E:\Download\Crack\Alcohol 120% v1[1].9.5.3105\Alcohol 120% v1.9.5.3105\patch.exe
    Disinfection failed

    E:\Download\Crack\Alcohol 120% v1[1].9.5.3105\Alcohol 120% v1.9.5.3105\patch.exe
    Deleted

    E:\Download\Util\DomPlayer-1.3.0.0-setup-3.exe=>(Instyler o)=>(Instyler Module 0)
    Detected with: Adware.Lop.BJ

    E:\Download\Util\DomPlayer-1.3.0.0-setup-3.exe=>(Instyler o)=>(Instyler Module 0)
    Disinfection failed

    E:\Download\Util\DomPlayer-1.3.0.0-setup-3.exe=>(Instyler o)=>(Instyler Module 0)
    Deleted

    E:\Download\Util\DomPlayer-1.3.0.0-setup-3.exe=>(Instyler o)
    Update failed

    E:\Download\Util\smitRem.exe=>(ZIP Sfx o)
    Detected with: Application.Prcviewer.U

    E:\Download\Util\smitRem.exe=>(ZIP Sfx o)
    Deleted

    E:\Download\Util\smitRem.exe
    Update failed

    E:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000369.exe
    Infected with: Packer.FSG.A

    E:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000369.exe
    Disinfection failed

    E:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000369.exe
    Deleted

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:44:25, on 1/02/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pyrodeathsquad.com/mofo/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {D0AA522F-6255-499C-93D1-FA3CFF944F63} - c:\windows\system32\6to4svcq.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2FFD5CA-BD04-408B-A765-6EDEAC7A893E}: NameServer = 213.177.64.2 213.177.65.2
    O20 - Winlogon Notify: fblqzubr - C:\WINDOWS\SYSTEM32\6to4svcq.dll
    O20 - Winlogon Notify: twpR32 - twpR32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir
    relance vundofix
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Scarecrow
     
    eginning removal...

    Attempting to delete c:\windows\system32\6to4svcq.dll
    c:\windows\system32\6to4svcq.dll Could not be deleted.

    Attempting to delete c:\windows\system32\6to4svcq.dll
    c:\windows\system32\6to4svcq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\cmpbk32a.dll
    C:\WINDOWS\System32\cmpbk32a.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\cmpbk32a.dll
    C:\WINDOWS\System32\cmpbk32a.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete c:\windows\system32\6to4svcq.dll
    c:\windows\system32\6to4svcq.dll Could not be deleted.

    Attempting to delete c:\windows\system32\6to4svcq.dll
    c:\windows\system32\6to4svcq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\cmpbk32a.dll
    C:\WINDOWS\System32\cmpbk32a.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\cmpbk32a.dll
    C:\WINDOWS\System32\cmpbk32a.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Beginning removal...

    Attempting to delete c:\windows\system32\6to4svcq.dll
    c:\windows\system32\6to4svcq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\cmpbk32a.dll
    C:\WINDOWS\System32\cmpbk32a.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete c:\windows\system32\6to4svcq.dll
    c:\windows\system32\6to4svcq.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\cmpbk32a.dll
    C:\WINDOWS\System32\cmpbk32a.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 9:53:19 5/02/2008

    Listing files found while scanning....

    No infected files were found.
    0
  7. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------

    = Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    = Appuie sur Y pour commencer le processus de nettoyage.
    = Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    = Appuie sur une touche pour redémarrer le PC.
    = Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    = Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    = Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    = Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    = Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
    @+
    0
  8. Scarecrow
     
    SDFix: Version 1.131

    Run by Scarecrow on dim. 10/02/2008 at 11:21

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\DOCUME~1\SCAREC~1\Bureau\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\explorer.exe
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 11:25:49
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:90,7f,4e,28,8d,d9,ed,e8,40,dd,b6,f0,dd,d7,2c,45,41,8f,b9,83,e7,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vax347s\Config\jdgg40]
    "ujdew"=hex:20,02,00,00,7e,f1,33,69,c8,b6,30,4f,9a,ba,71,c5,0c,d4,c6,6b,d9,..
    "ljej40"=hex:90,23,93,44,25,e6,67,b1,45,88,d1,1f,4a,36,6a,a9,6a,20,43,fc,8a,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:90,7f,4e,28,8d,d9,ed,e8,40,dd,b6,f0,dd,d7,2c,45,41,8f,b9,83,e7,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120% (Trial Version)"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Mon 2 Oct 2006 15,960 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Tue 15 Feb 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 9 Feb 2005 37,888 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\~WRL0078.tmp"
    Wed 9 Feb 2005 40,448 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\~WRL1152.tmp"
    Wed 9 Feb 2005 21,504 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\~WRL1215.tmp"
    Wed 9 Feb 2005 32,256 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\~WRL3556.tmp"
    Wed 9 Feb 2005 23,040 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\~WRL3689.tmp"
    Wed 9 Feb 2005 30,720 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\~WRL3746.tmp"
    Wed 9 Feb 2005 37,888 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\~WRL3924.tmp"
    Wed 9 Feb 2005 28,672 A..H. --- "C:\Documents and Settings\Scarecrow\Application Data\Microsoft\Word\~WRL0834.tmp"
    Wed 9 Feb 2005 19,456 A..H. --- "C:\Documents and Settings\Scarecrow\Application Data\Microsoft\Word\~WRL1044.tmp"
    Wed 9 Feb 2005 26,112 A..H. --- "C:\Documents and Settings\Scarecrow\Application Data\Microsoft\Word\~WRL1811.tmp"
    Wed 9 Feb 2005 45,568 A..H. --- "C:\Documents and Settings\Scarecrow\Application Data\Microsoft\Word\~WRL3049.tmp"
    Wed 9 Feb 2005 43,520 A..H. --- "C:\Documents and Settings\Scarecrow\Application Data\Microsoft\Word\~WRL3714.tmp"
    Wed 9 Feb 2005 40,960 A..H. --- "C:\Documents and Settings\Scarecrow\Application Data\Microsoft\Word\~WRL4082.tmp"
    Tue 15 Feb 2005 4,348 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Tue 29 Aug 2006 20 A..H. --- "C:\Documents and Settings\Scarecrow\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Tue 22 Feb 2005 400 A.SH. --- "C:\Documents and Settings\Scarecrow\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

    Finished!
    0
  9. Scarecrow
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:33:25, on 10/02/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {D0AA522F-6255-499C-93D1-FA3CFF944F63} - c:\windows\system32\6to4svcq.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2FFD5CA-BD04-408B-A765-6EDEAC7A893E}: NameServer = ***
    O20 - Winlogon Notify: fblqzubr - C:\WINDOWS\SYSTEM32\6to4svcq.dll
    O20 - Winlogon Notify: twpR32 - twpR32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    BONJOUR ! Scarecrow,

    un bonjour et toujours apprécié surtout quand tu ne donne pas de nouvelle pendant plusieurs jours
    nous ne sommes pas des machines, je suis un hêtre humain tout comme toi :-))

    refais un combofix stp plus un nouveau hijack

    Bon dimanche

    @+
    0
  11. Scarecrow
     
    BONJOUR ep 44, desole de ne pas t'avoir salue, c'est plus un "oubli" de l'ecrire que de le penser. Je me doute bien que tout comme moi tu es un etre humain et non pas une machine...
    0
  12. Scarecrow
     
    ComboFix 07-08-09.3 - "Scarecrow" 2008-02-10 11:50:03.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.1078 [GMT 1:00]

    ((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))

    2008-01-30 23:15 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-30 19:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-27 19:15 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-27 18:32 <REP> d-------- C:\VundoFix Backups
    2008-01-27 18:06 2,718 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-27 15:44 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-27 15:31 51,200 --a------ C:\WINDOWS\nircmd.exe
    2008-01-27 14:57 <REP> d-------- C:\Program Files\Navilog1
    2008-01-27 14:28 <REP> d-------- C:\Program Files\CCleaner
    2008-01-20 18:20 <REP> d-------- C:\WINDOWS\system32\backuped
    2008-01-20 18:20 <REP> d-------- C:\Program Files\True Sword 4
    2008-01-20 18:20 <REP> d-------- C:\DOCUME~1\SCAREC~1\APPLIC~1\True Sword
    2008-01-20 16:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-01-20 03:07 84,480 --a------ C:\WINDOWS\system32\6to4svcq.dll
    2008-01-20 03:06 <REP> d-------- C:\WINDOWS\system32\AppCert

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2008-02-10 11:51 41997344 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2008-02-10 11:49 1166112 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-02-10 11:18 570032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2008-02-10 11:18 116540 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-02-09 17:37 --------- d-------- C:\Program Files\Full Tilt Poker
    2008-02-07 21:32 --------- d-------- C:\DOCUME~1\SCAREC~1\APPLIC~1\AdobeUM
    2008-01-27 15:33 --------- d-------- C:\Program Files\Kaspersky Lab
    2008-01-27 14:52 63614 --a------ C:\WINDOWS\system32\perfc00C.dat
    2008-01-27 14:52 445016 --a------ C:\WINDOWS\system32\perfh00C.dat
    2008-01-27 14:32 --------- d-------- C:\Program Files\ewido anti-malware
    2008-01-13 19:53 --------- d-------- C:\Program Files\mIRC
    2008-01-09 15:01 53248 --a------ C:\WINDOWS\bdoscandel.exe
    2008-01-08 19:33 --------- d-------- C:\Program Files\MSN Messenger
    2007-12-26 15:42 --------- d-------- C:\Program Files\ProtectDisc Driver Installer
    2007-12-26 15:14 --------- d-------- C:\Program Files\MEDA MP3 Splitter
    2007-12-23 11:05 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-22 14:11 --------- d-------- C:\Program Files\DivX_311alpha
    2007-12-16 11:55 --------- d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-10 12:53 --------- d-------- C:\DOCUME~1\SCAREC~1\APPLIC~1\Datalayer
    2006-10-02 17:35:02 15,960 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0AA522F-6255-499C-93D1-FA3CFF944F63}]
    2008-01-27 15:33 84480 --a------ c:\windows\system32\6to4svcq.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-10-29 16:50]
    "nwiz"="nwiz.exe" [2004-10-29 16:50 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 16:50]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-02-16 18:32]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Anti-Blaxx Manager"="C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe" [2005-11-08 10:58]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-25 11:35]
    "PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
    "kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 23:52]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
    "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 21:48:58]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 09:15:56]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fblqzubr]
    6to4svcq.dll 2008-01-27 15:33 84480 C:\WINDOWS\system32\6to4svcq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\twpR32]
    twpR32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR32.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\twpR64.sys]
    @="Driver"

    R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x);C:\WINDOWS\System32\drivers\sfsync02.sys
    R0 vax347b;vax347b;C:\WINDOWS\System32\DRIVERS\vax347b.sys
    R0 vax347s;vax347s;C:\WINDOWS\System32\Drivers\vax347s.sys
    R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\System32\drivers\cdrbsvsd.sys
    R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys
    R2 acedrv10;acedrv10;\??\C:\WINDOWS\System32\drivers\acedrv10.sys
    R2 acehlp10;acehlp10;\??\C:\WINDOWS\System32\drivers\acehlp10.sys
    R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver;C:\WINDOWS\System32\DRIVERS\NVENET.sys
    S1 twpR64;UDP netbios mapping;\??\C:\WINDOWS\System32\twpR64.sys
    S2 twpR32;UDP32 netbios mapping;\??\C:\WINDOWS\System32\twpR64.sys
    S2 vxockmjj;StarForce Protection Environment (version 1.x)Monitor;C:\WINDOWS\System32\svchost.exe -k netsvcs
    S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\System32\drivers\av5flt.sys
    S3 ids0004C;ids0004C;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0004C.sys
    S3 ids0005c;ids0005c;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0005c.sys
    S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\System32\drivers\nmwcd.sys
    S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\System32\drivers\nmwcdc.sys
    S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\System32\drivers\nmwcdcm.sys
    S3 SaiNtHid;SaiNtHid;C:\WINDOWS\System32\DRIVERS\SaiNtHid.sys
    S3 SaiNtSub;SaiNtSub;C:\WINDOWS\System32\DRIVERS\SaiNtSub.sys
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\System32\DRIVERS\sonypvs1.sys

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    vxockmjj

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 11:51:29
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120(Trial Version)"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2008-02-10 11:52:40
    C:\ComboFix-quarantined-files.txt ... 2008-02-10 11:52
    C:\ComboFix2.txt ... 2008-01-27 15:42
    C:\ComboFix3.txt ... 2008-01-27 15:36

    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54:42, on 10/02/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {D0AA522F-6255-499C-93D1-FA3CFF944F63} - c:\windows\system32\6to4svcq.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2FFD5CA-BD04-408B-A765-6EDEAC7A893E}: NameServer = ***
    O20 - Winlogon Notify: fblqzubr - C:\WINDOWS\SYSTEM32\6to4svcq.dll
    O20 - Winlogon Notify: twpR32 - twpR32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    content de le lire ;-))

    Relance Vundofix
    =Ne clique pas sur "Scan for a vundo"
    =Clique droit au milieu de la fenêtre
    =Clique sur Add more files ?
    =Copie/colle les fichiers ci-dessous ( un par case) :

    C:\WINDOWS\SYSTEM32\6to4svcq.dll

    =Clique sur Add files
    =Ensuite clique sur Close Windows
    =Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    =Si l'outil demande un redémarrage, accepte
    =Poste le rapport Vundofix,

    ensuite
    Télécharge:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
    = Installer
    = Le lancer
    = Clic : Mise à jour
    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    = Dans ANALYSE ( en forme de loupe )
    ==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
    ==> Clic : Analyse complète du système
    En fin de scan ( qui est assez long)
    ==> Clic Appliquer toutes les actions <== ceci Très important
    ==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
    -------
    En mode normal
    colle le rapport

    ensuite

    on va faire un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm

    bon dimanche :-)
    @+
    0
  14. Scarecrow
     
    Bonjour ep44,

    J'ai eu un soucis pour obtenir le rapport de scan de bitdefender...
    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\6to4svcq.dll
    C:\WINDOWS\SYSTEM32\6to4svcq.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Performing Repairs to the registry.
    Done!

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 23:13:06 10/02/2008

    + Résultat de l'analyse:

    C:\Documents and Settings\Scarecrow\Cookies\scarecrow@3.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\Scarecrow\Cookies\scarecrow@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\Scarecrow\Cookies\scarecrow@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé.
    C:\System Volume Information\_restore{EAE57FAC-FE9E-4449-9DB8-0B310B96187B}\RP3\A0000322.dll -> Trojan.Agent.Nh : Nettoyé.

    Fin du rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03:06, on 16/02/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\DvzCommon\DvzMsgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ***
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {D0AA522F-6255-499C-93D1-FA3CFF944F63} - c:\windows\system32\6to4svcq.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.be/ImageUploader4.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A2FFD5CA-BD04-408B-A765-6EDEAC7A893E}: NameServer = *
    O20 - Winlogon Notify: fblqzubr - 6to4svcq.dll (file missing)
    O20 - Winlogon Notify: twpR32 - twpR32.dll (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir ;-)

    relance hijack et coche ceci
    ensuite clic sur fix checked
    O2 - BHO: (no name) - {D0AA522F-6255-499C-93D1-FA3CFF944F63} - c:\windows\system32\6to4svcq.dll (file missing)
    O9 - Extra button: CarbonPoker - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\CarbonPoker\Poker.exe (file missing) (HKCU)
    O20 - Winlogon Notify: fblqzubr - 6to4svcq.dll (file missing)
    O20 - Winlogon Notify: twpR32 - twpR32.dll (file missing)

    ensuite télécharge ces trois logiciels installe les et utilise les
    les uns aprés les autres
    une fait dit moi si tu as encore des soucis

    =>CCleaner
    http://ftpclubic45.clubic.com/...
    tuto:
    https://forums.cnetfrance.fr

    => Ad-aware SE (scan passif )
    http://ftpclubic41.clubic.com/...
    Tutos :
    http://home.tiscali.be/schouppeguy/adawarese/adawase.htm
    démo
    http://pageperso.aol.fr/balltrap34/adwseflash.zip
    http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

    => SpyBot-Search & Destroy 1.5 (scan passif + protection préventive avec ces 2 résidents, ses vaccinations et sa list Hosts )

    http://ftpclubic44.clubic.com/...

    démo d utilisation
    http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
    https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
    Tuto :
    http://perso.orange.fr/jesses/Docs/Logiciels/Spybot.htm

    @+
    0
  16. Scarecrow
     
    Bonjour ep44,

    Ca a l'air d'etre propre, en tout cas, le probleme n'apparait plus.
    Merci pour ton aide et ta patience.

    Bon dimanche.
    0
  17. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Ok content pour toi

    Tu peux supprimer tous les logiciels que nous avons utilisés
    va dans ajout/suppression de programes et dans programmes files
    pour vérifier

    ensuite fait ceci (IMPORTANT)

    =démarrer
    =panneau de configuration
    =système
    =onglet Restauration système
    =coche la case (Désactiver la restauration système)
    =redémarre l'ordinateur
    =réactive la ensuite
    @+
    0
Précédent
  • 1
  • 2