Sujet Précédent Sujet Suivant

Rapport Hijackthis

Résolu/Fermé
Hollow - 9 févr. 2008 à 17:31
 Hollow - 10 févr. 2008 à 18:39
Bonjour, j' ai chopé un virus sur msn et ai eu d'autre soucis dernierement, je me suis inspiré d'autres sujet pour suprimer les eventuel virus que j'avais.

Seulement afin d'etre sur que mon pc sois un peu plus clean ou de remedier a d'eventuel futurs autres problemes je vous donne le rapport Hijackthis comme il etait conseillé dans plusieurs sujet:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:23:29, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [System Patcher] BTCPatcher.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

19 réponses

Réponse 1 / 19
Utilisateur anonyme
9 févr. 2008 à 18:13
bonjour pour commencer il faudrait te separer de avast qui est maintenant un passoir , son heure de gloire est termine



je te conseille d'installer antivir a la place de avast , pourquoi :http://forum.malekal.com/ftopic3528.php

téléchargement antivir:https://www.malekal.com/avira-free-security-antivirus-gratuit/#mozTocId71944

désinstaller avast:https://www.avast.com/fr-fr/uninstall-utility

une fois antivir configure et mis a jours effectue un scan en mode sans echecs redemarre ton pc ouvre antivir puis cherche le rapport du scan copie et colle le dans ta prochaine reponse

demarrage en mode sans echecs :

Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
0
Réponse 2 / 19
Hollow
10 févr. 2008 à 11:18
Merci M.L king pour ta reponse, j'ai suivi ce que tu m'as dit.

Seulement n'etant pas le seul utilisateur, je n'ai pas pus faire un scan complet Hier. apres un premier scan localisé en mode sans echec hier, voici le rapport:



AntiVir PersonalEdition Classic
Report file date: samedi 9 février 2008 19:40

Scanning for 1096761 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Julien
Computer name: MAISON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 18:11:39
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:11:41
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 18:11:41
ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 18:11:41
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 18:11:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 18:11:44
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysdir.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 9 février 2008 19:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\vtuutqq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\vtuutqq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen

The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\aauiswdt.dll
[DETECTION] Is the Trojan horse TR/Vundo.DXU
[INFO] The file was moved to '4822f400.qua'!
C:\WINDOWS\system32\byxuvvs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4825f421.qua'!
C:\WINDOWS\system32\byxwxur.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4985b9ba.qua'!
C:\WINDOWS\system32\cbxwwxy.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4825f40c.qua'!
C:\WINDOWS\system32\gebcc.dll
[DETECTION] Is the Trojan horse TR/Virtumod.PB
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\hggdeee.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4814f432.qua'!
C:\WINDOWS\system32\hggdefg.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4814f433.qua'!
C:\WINDOWS\system32\iifddcb.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4813f43e.qua'!
C:\WINDOWS\system32\iifebxw.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49b3bf47.qua'!
C:\WINDOWS\system32\khfgdbx.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4813f447.qua'!
C:\WINDOWS\system32\ljjjiij.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4817f44e.qua'!
C:\WINDOWS\system32\mljghff.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4817f457.qua'!
C:\WINDOWS\system32\mljiggh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49b7bf20.qua'!
C:\WINDOWS\system32\mljiigg.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4817f458.qua'!
C:\WINDOWS\system32\nnnnnnk.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481bf46d.qua'!
C:\WINDOWS\system32\pmnkjig.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481bf476.qua'!
C:\WINDOWS\system32\pmnlihg.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '49bbbf0f.qua'!
C:\WINDOWS\system32\pmnlmjh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481bf468.qua'!
C:\WINDOWS\system32\qommjji.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481af47d.qua'!
C:\WINDOWS\system32\rqrsppo.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481ff484.qua'!
C:\WINDOWS\system32\tuvvuts.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4823f497.qua'!
C:\WINDOWS\system32\urqpopn.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '481ef497.qua'!
C:\WINDOWS\system32\vtuutqq.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\wvuvuvs.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4822f4af.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: samedi 9 février 2008 19:47
Used time: 07:49 min

The scan has been done completely.

264 Scanning directories
7737 Files were scanned
25 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
22 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
7712 Files not concerned
13 Archives were scanned
4 Warnings
0 Notes

cependant j'ai fait un scan complet ce matin, toujours en mode sans echec, voici le rapport:



AntiVir PersonalEdition Classic
Report file date: dimanche 10 février 2008 08:20

Scanning for 1096761 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Julien
Computer name: MAISON

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 18:11:39
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:11:41
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 18:11:41
ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 18:11:41
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 18:11:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 18:11:44
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 10 février 2008 08:20

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '33' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '4819b5e9.qua'!
C:\WINDOWS\system32\gebcc.VIR000
[DETECTION] Is the Trojan horse TR/Virtumod.PB
[INFO] The file was moved to '4810beff.qua'!
C:\WINDOWS\system32\vtuutqq.VIR
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4823bf68.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'G:\' <Dd sauvegar>


End of the scan: dimanche 10 février 2008 11:03
Used time: 2:43:33 min

The scan has been done completely.

12785 Scanning directories
547813 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
547810 Files not concerned
4308 Archives were scanned
3 Warnings
1 Notes

je te remerci grandement pour ton intervention.
0
Réponse 3 / 19
Utilisateur anonyme
10 févr. 2008 à 11:56
bonjour , ne te justifie pas , on fait comme on peu , pas comme on veu ! (lol)
je me doutais que ton pc avait une infection plus lourde .
voici pour commencer


Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

pour effectuer les fix deconnect toi et ferme toutes tes applications !!

* Double-cliquer sur VundoFix.exe afin de le lancer.
* Cliquer sur le bouton Scan for Vundo.
* Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
* Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
* Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
* Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
* Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp







Télécharge sur le bureau
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> Double clic sur VirtumundoBeGone.exe
=> Clic Continue ==> clic Start
=> Clic Oui
=> A la fin si Vundo est présent , le PC s’éteint et redémarre
- Si Ecran bleu et message : Erreur fatale .. pas de problème
=> Poster le rapport VBG.TXT qui est sur le bureau
0
Réponse 4 / 19
Hollow
10 févr. 2008 à 14:03
j'ai suivi tes recommandation, voici les rapport:


VundoFix V6.7.8

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 13:25:16 10/02/2008

Listing files found while scanning....

C:\WINDOWS\system32\awtrrsp.dll
C:\WINDOWS\system32\awttqrs.dll
C:\WINDOWS\system32\awtuuvu.dll
C:\WINDOWS\system32\cbxyxya.dll
C:\WINDOWS\system32\ddccyay.dll
C:\WINDOWS\system32\ddcyvsq.dll
C:\WINDOWS\system32\fccayvu.dll
C:\WINDOWS\system32\gebaxxw.dll
C:\WINDOWS\system32\mljgfff.dll
C:\WINDOWS\system32\mljghfd.dll
C:\WINDOWS\system32\mljhiii.dll
C:\WINDOWS\system32\mljifgd.dll
C:\WINDOWS\system32\mljkiji.dll
C:\WINDOWS\system32\nnnolkj.dll
C:\WINDOWS\system32\nnnopnn.dll
C:\WINDOWS\system32\opnklkl.dll
C:\WINDOWS\system32\tuvstus.dll
C:\WINDOWS\system32\tuvvuvv.dll
C:\WINDOWS\system32\urqpnki.dll
C:\WINDOWS\system32\urqrrrr.dll
C:\WINDOWS\system32\wvuturp.dll
C:\WINDOWS\system32\xxyyyvs.dll
C:\WINDOWS\system32\yayvtsq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrrsp.dll
C:\WINDOWS\system32\awtrrsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awttqrs.dll
C:\WINDOWS\system32\awttqrs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuuvu.dll
C:\WINDOWS\system32\awtuuvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxyxya.dll
C:\WINDOWS\system32\cbxyxya.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccyay.dll
C:\WINDOWS\system32\ddccyay.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcyvsq.dll
C:\WINDOWS\system32\ddcyvsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccayvu.dll
C:\WINDOWS\system32\fccayvu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebaxxw.dll
C:\WINDOWS\system32\gebaxxw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgfff.dll
C:\WINDOWS\system32\mljgfff.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljghfd.dll
C:\WINDOWS\system32\mljghfd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljhiii.dll
C:\WINDOWS\system32\mljhiii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljifgd.dll
C:\WINDOWS\system32\mljifgd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljkiji.dll
C:\WINDOWS\system32\mljkiji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnolkj.dll
C:\WINDOWS\system32\nnnolkj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnopnn.dll
C:\WINDOWS\system32\nnnopnn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnklkl.dll
C:\WINDOWS\system32\opnklkl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvstus.dll
C:\WINDOWS\system32\tuvstus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuvv.dll
C:\WINDOWS\system32\tuvvuvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpnki.dll
C:\WINDOWS\system32\urqpnki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrrrr.dll
C:\WINDOWS\system32\urqrrrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuturp.dll
C:\WINDOWS\system32\wvuturp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyyyvs.dll
C:\WINDOWS\system32\xxyyyvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayvtsq.dll
C:\WINDOWS\system32\yayvtsq.dll Has been deleted!

Performing Repairs to the registry.
Done!



[02/10/2008, 13:56:39] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julien\Bureau\VirtumundoBeGone.exe" )
[02/10/2008, 13:56:45] - Detected System Information:
[02/10/2008, 13:56:46] - Windows Version: 5.1.2600, Service Pack 2
[02/10/2008, 13:56:46] - Current Username: Julien (Admin)
[02/10/2008, 13:56:46] - Windows is in NORMAL mode.
[02/10/2008, 13:56:46] - Searching for Browser Helper Objects:
[02/10/2008, 13:56:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/10/2008, 13:56:46] - BHO 2: {0EEDB912-C5FA-486F-8334-57288578C627} (Shareaza Web Download Hook)
[02/10/2008, 13:56:46] - BHO 3: {35468C33-B904-4260-9B8C-FFB953B2A270} ()
[02/10/2008, 13:56:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2008, 13:56:46] - Checking for HKLM\...\Winlogon\Notify\vtuutqq
[02/10/2008, 13:56:46] - Found: HKLM\...\Winlogon\Notify\vtuutqq - This is probably Virtumundo.
[02/10/2008, 13:56:46] - Assigning {35468C33-B904-4260-9B8C-FFB953B2A270} MSEvents Object
[02/10/2008, 13:56:46] - BHO list has been changed! Starting over...
[02/10/2008, 13:56:46] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/10/2008, 13:56:46] - BHO 2: {0EEDB912-C5FA-486F-8334-57288578C627} (Shareaza Web Download Hook)
[02/10/2008, 13:56:46] - BHO 3: {35468C33-B904-4260-9B8C-FFB953B2A270} (MSEvents Object)
[02/10/2008, 13:56:46] - ALERT: Found MSEvents Object!
[02/10/2008, 13:56:46] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/10/2008, 13:56:46] - BHO 5: {5C298311-0F1F-C802-7D27-A2D46C968E29} ()
[02/10/2008, 13:56:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2008, 13:56:46] - Checking for HKLM\...\Winlogon\Notify\axis hole
[02/10/2008, 13:56:46] - Key not found: HKLM\...\Winlogon\Notify\axis hole, continuing.
[02/10/2008, 13:56:46] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2008, 13:56:46] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/10/2008, 13:56:46] - BHO 8: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2008, 13:56:46] - BHO 9: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/10/2008, 13:56:46] - BHO 10: {BC2E88C7-36C3-4118-B310-B058AF5965C8} ()
[02/10/2008, 13:56:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2008, 13:56:46] - Checking for HKLM\...\Winlogon\Notify\gebcc
[02/10/2008, 13:56:46] - Key not found: HKLM\...\Winlogon\Notify\gebcc, continuing.
[02/10/2008, 13:56:46] - BHO 11: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[02/10/2008, 13:56:46] - Finished Searching Browser Helper Objects
[02/10/2008, 13:56:46] - *** Detected MSEvents Object
[02/10/2008, 13:56:46] - Trying to remove MSEvents Object...
[02/10/2008, 13:56:47] - Terminating Process: IEXPLORE.EXE
[02/10/2008, 13:56:47] - Terminating Process: RUNDLL32.EXE
[02/10/2008, 13:56:48] - Disabling Automatic Shell Restart
[02/10/2008, 13:56:48] - Terminating Process: EXPLORER.EXE
[02/10/2008, 13:56:48] - Suspending the NT Session Manager System Service
[02/10/2008, 13:56:48] - Terminating Windows NT Logon/Logoff Manager
[02/10/2008, 13:56:48] - Re-enabling Automatic Shell Restart
[02/10/2008, 13:56:48] - File to disable: C:\WINDOWS\system32\vtuutqq.dll
[02/10/2008, 13:56:48] - Removing HKLM\...\Browser Helper Objects\{35468C33-B904-4260-9B8C-FFB953B2A270}
[02/10/2008, 13:56:48] - Removing HKCR\CLSID\{35468C33-B904-4260-9B8C-FFB953B2A270}
[02/10/2008, 13:56:48] - Adding Kill Bit for ActiveX for GUID: {35468C33-B904-4260-9B8C-FFB953B2A270}
[02/10/2008, 13:56:48] - Deleting ATLEvents/MSEvents Registry entries
[02/10/2008, 13:56:48] - Removing HKLM\...\Winlogon\Notify\vtuutqq
[02/10/2008, 13:56:48] - Searching for Browser Helper Objects:
[02/10/2008, 13:56:48] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[02/10/2008, 13:56:48] - BHO 2: {0EEDB912-C5FA-486F-8334-57288578C627} (Shareaza Web Download Hook)
[02/10/2008, 13:56:48] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[02/10/2008, 13:56:48] - BHO 4: {5C298311-0F1F-C802-7D27-A2D46C968E29} ()
[02/10/2008, 13:56:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2008, 13:56:48] - Checking for HKLM\...\Winlogon\Notify\axis hole
[02/10/2008, 13:56:48] - Key not found: HKLM\...\Winlogon\Notify\axis hole, continuing.
[02/10/2008, 13:56:49] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/10/2008, 13:56:49] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/10/2008, 13:56:49] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[02/10/2008, 13:56:49] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[02/10/2008, 13:56:49] - BHO 9: {BC2E88C7-36C3-4118-B310-B058AF5965C8} ()
[02/10/2008, 13:56:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/10/2008, 13:56:49] - Checking for HKLM\...\Winlogon\Notify\gebcc
[02/10/2008, 13:56:49] - Key not found: HKLM\...\Winlogon\Notify\gebcc, continuing.
[02/10/2008, 13:56:49] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[02/10/2008, 13:56:49] - Finished Searching Browser Helper Objects
[02/10/2008, 13:56:49] - Finishing up...
[02/10/2008, 13:56:49] - A restart is needed.
[02/10/2008, 13:56:55] - Attempting to Restart via STOP error (Blue Screen!)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
Utilisateur anonyme
10 févr. 2008 à 15:14
poste un nouveau rapport hijackthis stp
0
Réponse 6 / 19
Hollow
10 févr. 2008 à 15:19
voici:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:19:10, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C298311-0F1F-C802-7D27-A2D46C968E29} - C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BC2E88C7-36C3-4118-B310-B058AF5965C8} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ddnupdate.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 7 / 19
Utilisateur anonyme
10 févr. 2008 à 15:24
Télécharge le FixWareout d'un de ces deux sites, sur le bureau:
http://downloads.subratam.org/Fixwareout.exe
https://www.bleepingcomputer.com/download/linux/
Ferme toutes les fenêtres de tous les programmes ouverts.

Lance le Fixwareout.exe: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.

Le fix va commencer, suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais-le.
Ton système mettra un peu plus de temps au démarrage, c'est normal.
Une fois le scan terminé, un rapport va s'afficher. ==> tu peux en faire un copier/coller et le poster sur ce forum.

Note : [Le bureau sans icône va apparaître ainsi qu'une petite fenêtre ayant pour titre BFU. Clique sur OK et patiente jusqu'à la fin du scan. (Ca peut prendre plusieurs minutes pendant lesquelles tu as l'impression que rien ne se passe. Patiente!)
Quand ton système aura redémarré, suis les invites des messages.]

Poste le rapport de FixWareout. ==> (Il est enregistré dans "Poste de travail" > C:\FixWareout\report.txt).

Poste enfin un nouveau log HijackThis.
0
Réponse 8 / 19
Hollow
10 févr. 2008 à 15:38
j'ai suivi tes indication:

Username "Julien" - 10/02/2008 15:30:31 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TITLECDROM"="C:\\DOCUME~1\\Julien\\APPLIC~1\\CREATI~1\\Balmstoplogo.exe"
"Configuration de la neuf Box"="C:\\Program Files\\neuf telecom\\neuf Box\\Wizard\\QuickAccess.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"TVAgent WiFi"="C:\\Program Files\\neuf telecom\\neuf Box\\Wizard\\Agent_WiFi.exe"
"Fraps"="C:\\FRAPS\\FRAPS.EXE"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:37:52, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C298311-0F1F-C802-7D27-A2D46C968E29} - C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BC2E88C7-36C3-4118-B310-B058AF5965C8} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ddnupdate.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 9 / 19
Utilisateur anonyme
10 févr. 2008 à 15:49
1-Télécharge BTFix de Bibi26
http://cluster1.easy-hebergement.net/

*Dézippe l'archive sur ton Bureau.
*Ouvre le dossier BTFix.
*Double clique sur BTFix.exe.
*Clique sur Rechercher.
*Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.

0
Réponse 10 / 19
Hollow
10 févr. 2008 à 15:58
voici le rapport BTfix:

BTFix 1.075 (par bibi26) - 10/02/2008 15:57:13 - Analyse
Lancé depuis C:\Documents and Settings\Julien\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

- C:\Program Files\daemontools_whenusave_installer\

---> Analyse terminée
0
Réponse 11 / 19
Utilisateur anonyme
10 févr. 2008 à 16:05
* Démarre l'ordinateuren mode sans echecs.
* Une fois le chargement du BIOS terminé, il y a un écran noir.
* Appuie sur la touche F8 ou F5, à répétition jusqu'à l'affichage du menu des options avancées de Windows.
* En utilisant les touches du curseur, sélectionne le mode sans échec approprié et appuie sur Entrée.
* Choisis ton compte usuel et non Administrateur.

* Ouvre BTFix
* Clique sur "Nettoyer"
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
0
Réponse 12 / 19
Hollow
10 févr. 2008 à 16:20
Oups, apres avoir nettoyé, j'ai relancé une recherche alors que j'aurai pas du

pendant le nettoyage il m'as bien dit que le dossier C:\Program Files\daemontools_whenusave_installer\ a été nettoyé

et voici le rapport de la derniere recherche:


BTFix 1.075 (par bibi26) - 10/02/2008 16:13:14 - Analyse
Lancé depuis C:\Documents and Settings\Julien\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés


---> Analyse terminée
0
Réponse 13 / 19
Utilisateur anonyme
10 févr. 2008 à 17:14
ok poste un nouveau rapport hijackthis ce dois etre bon cette fois ci .
0
Réponse 14 / 19
Hollow
10 févr. 2008 à 17:19
voici le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:44, on 10/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - _{01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C298311-0F1F-C802-7D27-A2D46C968E29} - C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {BC2E88C7-36C3-4118-B310-B058AF5965C8} - C:\WINDOWS\system32\gebcc.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TITLECDROM] C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ddnupdate.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6B661C66-C8AE-4A7F-9D1C-B2312B5B033D} (ENOVIAWebViewerBrowser Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\sample\WebViewer\CAB\ENOVIAWebViewerBrowser.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD3790B5-FE0B-4A95-AAF1-0CA59F9D7C5B} (ENOVIAWebViewer Control) - file://C:\Program Files\Dassault Systemes\B12\intel_a\code\bin\ENOVIAWebViewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{1847430F-5C5E-400B-8023-B7852494C711}: NameServer = 80.118.192.111,80.118.196.40
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
0
Réponse 15 / 19
Utilisateur anonyme
10 févr. 2008 à 17:28
bon fait ceci

Télécharges ComboFix à partir d'un de ces liens :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Et important, enregistre le sur le bureau.

Avant d'utiliser ComboFix :

► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.


Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
0
Réponse 16 / 19
Hollow
10 févr. 2008 à 18:12
voici le rapport combofix:

ComboFix 08-02.05.3 - Julien 2008-02-10 18:01:34.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.145 [GMT 1:00]Endroit: C:\Documents and Settings\Julien\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Julien\ravmonlog
C:\Documents and Settings\Mylene\Application Data\HbTools
C:\Documents and Settings\Mylene\ravmonlog
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_IPRIP
-------\Iprip
-------\nm




((((((((((((((((((((((((((((( Fichiers créés 2008-01-10 to 2008-02-10 ))))))))))))))))))))))))))))))))))))
.

2008-02-10 15:30 . 2008-02-10 15:34 <REP> d-------- C:\fixwareout
2008-02-10 13:52 . 2008-02-10 13:52 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-10 13:25 . 2008-02-10 13:52 <REP> d-------- C:\VundoFix Backups
2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- C:\Program Files\Avira
2008-02-09 18:49 . 2008-02-09 18:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-09 17:19 . 2008-02-09 17:19 <REP> d-------- C:\Documents and Settings\Julien\Application Data\Live-Prod
2008-02-09 17:18 . 2008-02-09 17:21 <REP> d-------- C:\Program Files\LiveKillCleanMessenger
2008-02-09 16:54 . 2008-02-09 16:54 <REP> d-------- C:\Program Files\Trend Micro
2008-02-09 16:15 . 2008-02-09 16:08 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-09 16:15 . 2008-02-09 16:15 3,449 --a------ C:\WINDOWS\unins000.dat
2008-02-06 13:59 . 2007-08-21 15:21 794,624 --a------ C:\WINDOWS\system32\spr32d35.dll
2008-02-06 13:51 . 2008-02-06 14:02 <REP> d-------- C:\Program Files\Architecte 3D Platinium Demo
2008-02-06 13:09 . 2008-02-06 13:13 <REP> d-------- C:\Program Files\Panda Security
2008-02-02 11:52 . 2008-02-10 18:05 4,436,000 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-02 11:52 . 2008-02-10 17:45 54,884 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-02 11:43 . 2008-02-02 11:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-02 11:42 . 2008-02-02 11:48 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-02 11:41 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-02 11:41 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-02 11:41 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-02 11:41 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-02 11:41 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-02 11:41 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-02 11:39 . 2008-02-02 11:42 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-02 11:39 . 2008-02-02 11:39 <REP> d-------- C:\Program Files\Zone Labs
2008-02-02 11:39 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-02 11:39 . 2008-02-10 17:47 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-02 11:38 . 2008-02-10 17:59 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-02 11:35 . 2008-02-02 11:35 <REP> d-------- C:\Program Files\CCleaner
2008-02-01 21:19 . 2008-02-02 10:44 17,273 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-29 17:15 . 2008-02-09 09:23 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-29 17:15 . 2008-01-29 17:15 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-01-26 14:50 . 2008-01-26 14:50 <REP> d-------- C:\Documents and Settings\Julien\Presets
2008-01-25 09:23 . 2008-01-25 09:23 <REP> d-------- C:\Program Files\Common Files
2008-01-21 16:36 . 2008-01-21 16:36 <REP> d-------- C:\Program Files\Blender Foundation
2008-01-21 14:26 . 2008-01-21 14:26 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-18 10:10 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-18 10:10 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-18 10:10 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-17 21:35 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-17 21:33 . 2008-01-17 21:33 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-01-17 21:32 . 2008-01-17 21:32 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-01-17 21:18 . 2008-01-17 21:25 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-17 21:17 . 2008-01-17 21:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-17 20:51 . 2005-02-01 14:20 5,760,056 --a------ C:\WINDOWS\Darkstar.bmp
2008-01-17 20:47 . 2008-01-17 20:47 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2008-01-17 20:47 . 2008-01-17 20:52 <REP> d-------- C:\Program Files\AlienGUIse
2008-01-17 20:47 . 2003-02-26 22:27 36,864 --a------ C:\WINDOWS\system32\wbsys.dll
2008-01-17 20:47 . 2008-01-17 20:47 56 --a------ C:\WINDOWS\wb.ini
2008-01-17 15:29 . 2008-01-17 15:29 <REP> d-------- C:\WoW-2.0.0-frFR-Installer
2008-01-17 15:29 . 2008-01-17 15:29 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-01-17 15:29 . 2008-01-17 15:29 1,072,255 --a------ C:\WoW-2.0.0-frFR-Installer-downloader.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 15:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-08 22:26 --------- d-----w C:\Documents and Settings\Julien\Application Data\OpenOffice.org2
2008-02-02 09:45 --------- d-----w C:\Program Files\eMule
2008-02-01 19:56 --------- d-----w C:\Program Files\Sunbelt Software
2008-01-28 14:08 --------- d-----w C:\Program Files\Htmledit
2008-01-21 13:50 --------- d-----w C:\Program Files\OGSConverter
2008-01-18 09:12 --------- d-----w C:\Program Files\Windows Live
2008-01-17 20:30 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-14 20:03 --------- d-----w C:\Program Files\Fichiers communs\ErrorSafe
2008-01-14 15:26 --------- d-----w C:\Documents and Settings\Julien\Application Data\teamspeak2
2008-01-08 18:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-06 16:12 --------- d-----w C:\Documents and Settings\Julien\Application Data\Skype
2008-01-06 16:09 304,160 ----a-w C:\StiImg.dat
2008-01-02 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 09:02 --------- d-----w C:\Program Files\Java
2007-12-23 12:14 --------- d-----w C:\Documents and Settings\Julien\Application Data\Samsung
2007-12-23 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 11:42 --------- d-----w C:\Program Files\Samsung
2007-07-07 14:49 0 ----a-w C:\Program Files\Uninstal.$$A
2006-01-25 10:18 37 ----a-w C:\Documents and Settings\Julien\getfile.dat
2006-01-23 19:00 37 ----a-w C:\Documents and Settings\Mylene\getfile.dat
2005-05-08 17:26 56 --sha-r C:\WINDOWS\system32\6B00F46D92.sys
2006-03-09 17:21 8 --sh--r C:\WINDOWS\system32\947128E19A.sys
2006-03-09 17:21 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C298311-0F1F-C802-7D27-A2D46C968E29}]
C:\DOCUME~1\Julien\APPLIC~1\MEMOMA~1\axis hole.exe

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BC2E88C7-36C3-4118-B310-B058AF5965C8}]
C:\WINDOWS\system32\gebcc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TITLECDROM"="C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe" [ ]
"Configuration de la neuf Box"="C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe" [2005-12-13 14:19 389120]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 20:24 68856]
"TVAgent WiFi"="C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe" [2005-12-13 12:48 976896]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2005-12-03 11:01 2826240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-04 01:29 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-22 17:23 98304]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]
"ISUSPM Startup"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-09 19:11 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LightSurf.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LightSurf.lnk
backup=C:\WINDOWS\pss\LightSurf.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk
backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Julien^Menu Démarrer^Programmes^Démarrage^WkCalRem.LNK]
path=C:\Documents and Settings\Julien\Menu Démarrer\Programmes\Démarrage\WkCalRem.LNK
backup=C:\WINDOWS\pss\WkCalRem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\824Edb]
C:\WINDOWS\gsarold.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
C:\Program Files\BlazeVideo\BlazeDVD 4 Professional\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration de la neuf Box]
--------- 2005-12-13 14:19 389120 C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
--a------ 1998-07-30 15:58 35328 C:\WINDOWS\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
C:\Program Files\Internet Optimizer\optimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IST Service]
C:\Program Files\ISTsvc\istsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mess burn hold global]
C:\Documents and Settings\All Users\Application Data\CornProxyMessBurn\Startseek.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-04-26 17:39 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
--a------ 2004-09-13 18:06 137216 C:\Program Files\MSI\System Control Manager\MGSysCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-22 17:23 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-08-30 12:48 69632 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-03-31 20:57 32881 C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier.exe]
C:\Program Files\SuperCopier\SuperCopier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TITLECDROM]
C:\DOCUME~1\Julien\APPLIC~1\CREATI~1\Balmstoplogo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-12-04 01:29 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVAgent WiFi]
--------- 2005-12-13 12:48 976896 C:\Program Files\neuf telecom\neuf Box\Wizard\Agent_WiFi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 23:22 35328 C:\Program Files\Winamp\winampa.exe

R2 HPFECP13;HPFECP13;C:\WINDOWS\system32\drivers\HPFECP13.SYS [1998-07-30 22:40]
R2 NwSapAgent;Agent SAP;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-12-20 07:00]
R3 PAC207;Trust WB-1200p Mini Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
S2 MPManF50;MPMan F50 USB Driver;C:\WINDOWS\system32\Drivers\MPManF50.sys [2000-08-30 16:15]
S3 MGHwCtrl;MGHwCtrl;C:\WINDOWS\System32\Drivers\MGHwCtrl.sys [2005-10-20 11:04]
S3 NBXG7031;NB 802.11g XG703 SP1 Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-17 11:56]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 13:00]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" [2007-01-09 23:17]
S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe [2007-07-06 12:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d431fb40-a38a-11d9-b5b0-806d6172696f}]
\Shell\AutoRun\command - G:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-10 17:00:00 C:\WINDOWS\Tasks\AAA4211091C7DC78.job"
- c:\docume~1\julien\applic~1\creati~1\Gpl Exit Army.exe
"2008-02-10 16:59:05 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 18:06:00
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-10 18:07:29
ComboFix-quarantined-files.txt 2008-02-10 17:07:06
.
2008-01-23 16:09:33 --- E O F ---
0
Réponse 17 / 19
Utilisateur anonyme
10 févr. 2008 à 18:27
combofix as bien travaille par contre n'utilise pas tes support amovible combo as as supprime un jolis vers donc attend avant d'utiliser une cles usb ou ou disque dure externe , je m'informe sur un desinfectant
0
Réponse 18 / 19
Utilisateur anonyme
10 févr. 2008 à 18:35
-> Flash_Disinfector de sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
utilisation:
Télécharge et enregistre Flash_Disinfector.exe sur votre bureau.
Double clique sur Flash_Disinfector.exe pour le lancer.
Quand le message : "Plug in yours flash drive & clic Ok to begin disinfection" apparaitra :
Connecte tes clé USB et/ou périphériques USB externes susceptibles d'avoir été infectés.
Puis clique sur Ok
Les icônes sur le bureau vont disparaitre jusqu'à l'apparition du message: "Done!!"
Appuyes ensuite sur "Ok", pour faire réapparaitre le bureau.

Avant de passer un de ces outils, assures-toi d'avoir fermé tous les programmes en cours d'exécution et connecté au pc tous les périphériques externes qui auraient pu être contaminés.(Disques dur, clé USB, Ipod...).
0
Réponse 19 / 19
Hollow
10 févr. 2008 à 18:39
D'accord, je te remercie pour l'aide que tu m'as fourni.
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Accés au cloud
Dadou1968 -
loisou17 -

3 réponses