Young woman attacked by nasty viruses?
Solved
kristella (Posts: 48, Status: Member)
g!rly (Posts: 18462, Status: Contributor)
Hello everyone,
For some time now I've had quite a few problems with my PC: programs close by themselves (for example, Windows Live Messenger only lasts 4 minutes and then cuts out, and the burner does the same thing while running), my computer is very slow, the automatic Internet connection at startup no longer happens, it crashes often, etc. I had NIS 2007, but at renewal time I couldn't activate Norton. So at the moment I have AntiVir, Spybot and ZoneAlarm. If someone could tell me what I can do, it would help me a lot. Thanks in advance.
83 replies
Good evening,
I think I managed to install IE7 after several attempts. It's getting worse and worse: my computer crashes constantly, which it didn't do before. I ran a scan on VirusTotal, which I'm attaching. I also ran the Windows updates, but there are 2 updates that won't install:
Microsoft .NET Framework 2.0 Service Pack 1 (KB110806)
Definition Update for Windows Defender - KB915597 (Definition 1.27.6677.0)
and one remaining:
Windows Genuine Advantage Validation Tool (KB892130)
I don't know whether that matters or not.
Here is the VirusTotal report:
Fichier unins000.exe reçu le 2008.02.15 22:20:38 (CET)
Résultat: 0/32 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.16.10 2008.02.15 -
AntiVir 7.6.0.67 2008.02.15 -
Authentium 4.93.8 2008.02.15 -
Avast 4.7.1098.0 2008.02.14 -
AVG 7.5.0.516 2008.02.15 -
BitDefender 7.2 2008.02.15 -
CAT-QuickHeal None 2008.02.15 -
ClamAV 0.92.1 2008.02.15 -
DrWeb 4.44.0.09170 2008.02.15 -
eSafe 7.0.15.0 2008.02.14 -
eTrust-Vet 31.3.5539 2008.02.15 -
Ewido 4.0 2008.02.15 -
FileAdvisor 1 2008.02.15 -
Fortinet 3.14.0.0 2008.02.15 -
F-Prot 4.4.2.54 2008.02.14 -
F-Secure 6.70.13260.0 2008.02.15 -
Ikarus T3.1.1.20 2008.02.15 -
Kaspersky 7.0.0.125 2008.02.15 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.14 -
NOD32v2 2880 2008.02.15 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.15 -
Prevx1 V2 2008.02.15 -
Rising 20.31.30.00 2008.02.14 -
Sophos 4.26.0 2008.02.15 -
Sunbelt 2.2.907.0 2008.02.14 -
Symantec 10 2008.02.15 -
TheHacker 6.2.9.221 2008.02.15 -
VBA32 3.12.6.1 2008.02.14 -
VirusBuster 4.3.26:9 2008.02.15 -
Webwasher-Gateway 6.6.2 2008.02.15 -
Information additionnelle
File size: 80014 bytes
MD5: 89f1693bca5d6ab02ff206dd2ab51b7a
SHA1: d32ab0a9877aee0e2faab96efce167b3c8e5b660
PEiD: -
I'll do the rest and post the reports.
See you
Good evening,
In short, it's a real mess...
Yet all we did was clean up.
I'm waiting for your HijackT to see...
See you
Hi,
your last message isn't very reassuring.
I'm having trouble downloading SmitfraudFix: AntiVir refuses the download because of a virus or unauthorized file. What should I do?
See you
Hi,
here is the rest of my reports
ComboFix 07-08-09.3 - "papa" 2008-02-15 23:06:41.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.489 [GMT 1:00]
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
2008-02-15 22:44 <REP> d-------- C:\6d289fc31e2a71b0ecbb01fca2ec
2008-02-15 22:05 <REP> d-------- C:\6c9390cd3b39235496d2f38eee
2008-02-15 21:45 <REP> d-------- C:\16a6e7dd62eef4c20b2cae9727048a
2008-02-15 21:43 <REP> d-------- C:\667c47b1150e918725f9c2c272bafc
2008-02-15 21:31 <REP> d-------- C:\d546504da604f04bd53437d754a9
2008-02-14 23:25 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-14 23:19 <REP> d-------- C:\a027c1bcb747e7953e
2008-02-14 23:11 <REP> d-------- C:\edd968c8e339fb441d7ca26ab327
2008-02-14 23:05 <REP> d-------- C:\103757d394d7d3dbb8
2008-02-14 23:00 <REP> d-------- C:\91dde87893f4f09ded31
2008-02-14 22:59 <REP> d-------- C:\e8b1c24fd87c72ae5d
2008-02-14 22:53 <REP> d-------- C:\5fb102e15818b7b37a210dc17d4f381e
2008-02-14 21:19 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
2008-02-14 15:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-02-14 11:45 218 --a------ C:\WINDOWS\system32\drivers\atmapi.sys
2008-02-14 11:33 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-11 21:13 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 19:20 <REP> d-------- C:\Program Files\IZArc
2008-02-10 15:30 <REP> d-------- C:\Program Files\CCleaner
2008-02-10 15:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 14:00 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 14:00 3,453 --a------ C:\WINDOWS\unins000.dat
2008-02-07 09:44 <REP> d-------- C:\DOCUME~1\papa\APPLIC~1\SupportSoft
2008-02-05 22:31 10,885,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 22:21 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-05 22:21 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-05 22:21 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-05 22:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-05 22:21 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-05 22:21 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-05 22:21 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-05 22:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-05 22:20 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-05 22:20 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-05 22:19 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-05 22:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-05 18:35 <REP> d-------- C:\Program Files\Windows Defender
2008-02-05 12:17 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-05 12:17 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-05 00:17 <REP> d-------- C:\Program Files\Lavasoft
2008-02-04 22:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-04 22:16 <REP> d-------- C:\Program Files\Windows Live
2008-02-04 22:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-02-04 12:45 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.100\NTUSER.DAT
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Mes documents
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Menu Démarrer
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Favoris
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Bureau
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Voisinage réseau
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Voisinage d'impression
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Modèles
2008-02-04 12:45 <REP> d-------- C:\DOCUME~1\ADMINI~1.100\APPLIC~1\You've Got Pictures Screensaver
2008-02-03 23:42 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Bureau
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2008-02-03 23:42 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2008-02-03 23:38 <REP> d-------- C:\WINDOWS\pss
2008-02-03 23:06 <REP> d-------- C:\WINDOWS\network diagnostic
2008-02-03 23:04 <REP> d-------- C:\c1b8d6d26461da3b8c98
2008-02-03 23:00 <REP> d-------- C:\69c883eeb0aeb55c8674
2008-02-03 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-02-02 18:08 <REP> d-------- C:\Program Files\Avira
2008-02-02 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-02-02 09:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-01-31 19:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-01-30 22:18 <REP> d-------- C:\Program Files\Alwil Software
2008-01-30 21:33 357,768 --a------ C:\DOCUME~1\papa\SymXPep2.dll
2008-01-24 16:01 <REP> d-------- C:\DOCUME~1\papa\APPLIC~1\Symantec
2008-01-24 15:59 <REP> d-------- C:\Program Files\Windows Sidebar
2008-01-24 15:53 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-20 14:45 185,344 --a------ C:\WINDOWS\system32\nvrsma.dll
2008-01-20 01:07 <REP> d-------- C:\Program Files\Axis Communications
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-02-15 23:05 --------- d-------- C:\Program Files\Wanadoo
2008-02-15 22:58 128492 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-15 22:48 77476 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-15 22:48 474972 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-02-13 22:02 --------- d-------- C:\Program Files\eMule
2008-02-05 21:35 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-05 21:35 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-20 14:45 578560 --a------ C:\WINDOWS\system32\user32.dll
2008-01-20 14:45 578560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-01-11 06:36 44544 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-22 07:05 --------- d-------- C:\Program Files\Google
2007-12-19 23:53 347136 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 10:51 179584 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 10:51 179584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 06:08 3592192 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 03:08 824832 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 03:08 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 03:08 63488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 03:08 6066176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 03:08 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 03:08 478208 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 03:08 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 03:08 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-12-07 03:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-12-07 03:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 03:08 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 03:08 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 03:08 233472 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-12-07 03:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-12-07 03:08 214528 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 03:08 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 03:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-12-07 03:08 133120 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 03:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-12-07 03:08 1159680 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-07 03:08 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-12-07 03:08 102912 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-12-07 02:07 474624 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 02:07 152064 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 02:07 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 02:07 1056768 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 02:07 1024000 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 12:03 625664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 12:02 70656 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 12:00 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 05:59 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 19:41 550912 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-12-04 19:41 550912 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-13 21:20 36289 --a--c--- C:\WINDOWS\Fonts.\unins000.dat
2004-02-11 04:00 80014 --a------ C:\WINDOWS\Fonts.\unins000.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 15:22]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 12:40]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 11:08]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-23 13:01]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe" [2004-10-05 17:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-23 13:01]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-02 18:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"OoPDFSettingsv6.exe"="C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 10:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 16:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2007-03-13 21:20:13]
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2007-03-13 21:20:10]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-31 16:20:16]
R1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 USBDeviceService;USBDeviceService;C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
R3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
R3 MTsensor;ATK0100 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 SynMini;USB2.0 VGA WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 VGA WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 sffdisk;Pilote de classe de stockage SFF;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
Contents of the 'Scheduled Tasks' folder
2008-02-10 01:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-11 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - papa.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 23:09:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2008-02-15 23:10:19
C:\ComboFix2.txt ... 2008-02-14 15:23
--- E O F ---
SmitFraudFix v2.289
Rapport fait à 23:52:03,79, 15/02/2008
Executé à partir de C:\Documents and Settings\papa\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A13E465F-E8FC-4E24-8A82-4130649A237B}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:51, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\windows\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Here is the rest of my reports:
ComboFix 07-08-09.3 - "papa" 2008-02-15 23:06:41.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.489 [GMT 1:00]
((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
2008-02-15 22:44 <REP> d-------- C:\6d289fc31e2a71b0ecbb01fca2ec
2008-02-15 22:05 <REP> d-------- C:\6c9390cd3b39235496d2f38eee
2008-02-15 21:45 <REP> d-------- C:\16a6e7dd62eef4c20b2cae9727048a
2008-02-15 21:43 <REP> d-------- C:\667c47b1150e918725f9c2c272bafc
2008-02-15 21:31 <REP> d-------- C:\d546504da604f04bd53437d754a9
2008-02-14 23:25 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-14 23:19 <REP> d-------- C:\a027c1bcb747e7953e
2008-02-14 23:11 <REP> d-------- C:\edd968c8e339fb441d7ca26ab327
2008-02-14 23:05 <REP> d-------- C:\103757d394d7d3dbb8
2008-02-14 23:00 <REP> d-------- C:\91dde87893f4f09ded31
2008-02-14 22:59 <REP> d-------- C:\e8b1c24fd87c72ae5d
2008-02-14 22:53 <REP> d-------- C:\5fb102e15818b7b37a210dc17d4f381e
2008-02-14 21:19 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
2008-02-14 15:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-02-14 11:45 218 --a------ C:\WINDOWS\system32\drivers\atmapi.sys
2008-02-14 11:33 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-11 21:13 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 19:20 <REP> d-------- C:\Program Files\IZArc
2008-02-10 15:30 <REP> d-------- C:\Program Files\CCleaner
2008-02-10 15:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 14:00 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 14:00 3,453 --a------ C:\WINDOWS\unins000.dat
2008-02-07 09:44 <REP> d-------- C:\DOCUME~1\papa\APPLIC~1\SupportSoft
2008-02-05 22:31 10,885,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 22:21 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-05 22:21 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-05 22:21 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-05 22:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-05 22:21 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-05 22:21 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-05 22:21 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-05 22:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-05 22:20 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-05 22:20 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-05 22:19 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-05 22:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-05 18:35 <REP> d-------- C:\Program Files\Windows Defender
2008-02-05 12:17 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-05 12:17 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-05 00:17 <REP> d-------- C:\Program Files\Lavasoft
2008-02-04 22:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-04 22:16 <REP> d-------- C:\Program Files\Windows Live
2008-02-04 22:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-02-04 12:45 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.100\NTUSER.DAT
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Mes documents
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Menu Démarrer
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Favoris
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Bureau
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Voisinage réseau
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Voisinage d'impression
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Modèles
2008-02-04 12:45 <REP> d-------- C:\DOCUME~1\ADMINI~1.100\APPLIC~1\You've Got Pictures Screensaver
2008-02-03 23:42 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu Démarrer
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Bureau
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage réseau
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Modèles
2008-02-03 23:42 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2008-02-03 23:38 <REP> d-------- C:\WINDOWS\pss
2008-02-03 23:06 <REP> d-------- C:\WINDOWS\network diagnostic
2008-02-03 23:04 <REP> d-------- C:\c1b8d6d26461da3b8c98
2008-02-03 23:00 <REP> d-------- C:\69c883eeb0aeb55c8674
2008-02-03 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-02-02 18:08 <REP> d-------- C:\Program Files\Avira
2008-02-02 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-02-02 09:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-01-31 19:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-01-30 22:18 <REP> d-------- C:\Program Files\Alwil Software
2008-01-30 21:33 357,768 --a------ C:\DOCUME~1\papa\SymXPep2.dll
2008-01-24 16:01 <REP> d-------- C:\DOCUME~1\papa\APPLIC~1\Symantec
2008-01-24 15:59 <REP> d-------- C:\Program Files\Windows Sidebar
2008-01-24 15:53 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-20 14:45 185,344 --a------ C:\WINDOWS\system32\nvrsma.dll
2008-01-20 01:07 <REP> d-------- C:\Program Files\Axis Communications
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-02-15 23:05 --------- d-------- C:\Program Files\Wanadoo
2008-02-15 22:58 128492 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-15 22:48 77476 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-15 22:48 474972 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-02-13 22:02 --------- d-------- C:\Program Files\eMule
2008-02-05 21:35 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-05 21:35 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-20 14:45 578560 --a------ C:\WINDOWS\system32\user32.dll
2008-01-20 14:45 578560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-01-11 06:36 44544 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-22 07:05 --------- d-------- C:\Program Files\Google
2007-12-19 23:53 347136 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 10:51 179584 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 10:51 179584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 06:08 3592192 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 03:08 824832 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 03:08 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 03:08 63488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 03:08 6066176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 03:08 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 03:08 478208 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 03:08 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 03:08 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-12-07 03:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-12-07 03:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 03:08 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 03:08 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 03:08 233472 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-12-07 03:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-12-07 03:08 214528 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 03:08 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 03:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-12-07 03:08 133120 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 03:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-12-07 03:08 1159680 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-07 03:08 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-12-07 03:08 102912 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-12-07 02:07 474624 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 02:07 152064 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 02:07 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 02:07 1056768 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 02:07 1024000 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 12:03 625664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 12:02 70656 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 12:00 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 05:59 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 19:41 550912 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-12-04 19:41 550912 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-13 21:20 36289 --a--c--- C:\WINDOWS\Fonts.\unins000.dat
2004-02-11 04:00 80014 --a------ C:\WINDOWS\Fonts.\unins000.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 15:22]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 12:40]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 11:08]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-23 13:01]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe" [2004-10-05 17:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-23 13:01]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-02 18:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"OoPDFSettingsv6.exe"="C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 10:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 16:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2007-03-13 21:20:13]
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2007-03-13 21:20:10]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-31 16:20:16]
R1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 USBDeviceService;USBDeviceService;C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
R3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
R3 MTsensor;ATK0100 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 SynMini;USB2.0 VGA WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 VGA WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 sffdisk;Pilote de classe de stockage SFF;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
Contents of the 'Scheduled Tasks' folder
2008-02-10 01:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-11 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - papa.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 23:09:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2008-02-15 23:10:19
C:\ComboFix2.txt ... 2008-02-14 15:23
--- E O F ---
SmitFraudFix v2.289
Rapport fait à 23:52:03,79, 15/02/2008
Executé à partir de C:\Documents and Settings\papa\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A13E465F-E8FC-4E24-8A82-4130649A237B}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:51, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\windows\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
To follow up and lend a little helping hand
Copy the text below:
File::
C:\6d289fc31e2a71b0ecbb01fca2ec
C:\6c9390cd3b39235496d2f38eee
C:\16a6e7dd62eef4c20b2cae9727048a
C:\667c47b1150e918725f9c2c272bafc
C:\d546504da604f04bd53437d754a9
C:\a027c1bcb747e7953e
C:\edd968c8e339fb441d7ca26ab327
C:\103757d394d7d3dbb8
C:\91dde87893f4f09ded31
C:\e8b1c24fd87c72ae5d
C:\5fb102e15818b7b37a210dc17d4f381e
C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
Open Notepad, then paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
See you!
Hello everyone
Here is the next chapter of my adventures.
First, the Combofix report. Note that my computer did not restart.
ComboFix 07-08-09.3 - "papa" 2008-02-16 10:04:06.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.507 [GMT 1:00]
Command switches used :: C:\Documents and Settings\papa\Bureau\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
2008-02-15 23:52 3,410 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-15 22:44 <REP> d-------- C:\6d289fc31e2a71b0ecbb01fca2ec
2008-02-15 22:05 <REP> d-------- C:\6c9390cd3b39235496d2f38eee
2008-02-15 21:45 <REP> d-------- C:\16a6e7dd62eef4c20b2cae9727048a
2008-02-15 21:43 <REP> d-------- C:\667c47b1150e918725f9c2c272bafc
2008-02-15 21:31 <REP> d-------- C:\d546504da604f04bd53437d754a9
2008-02-14 23:25 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-14 23:19 <REP> d-------- C:\a027c1bcb747e7953e
2008-02-14 23:11 <REP> d-------- C:\edd968c8e339fb441d7ca26ab327
2008-02-14 23:05 <REP> d-------- C:\103757d394d7d3dbb8
2008-02-14 23:00 <REP> d-------- C:\91dde87893f4f09ded31
2008-02-14 22:59 <REP> d-------- C:\e8b1c24fd87c72ae5d
2008-02-14 22:53 <REP> d-------- C:\5fb102e15818b7b37a210dc17d4f381e
2008-02-14 21:19 <REP> d-------- C:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver
2008-02-14 15:18 51,200 --a------ C:\WINDOWS\nircmd.exe
2008-02-14 11:45 218 --a------ C:\WINDOWS\system32\drivers\atmapi.sys
2008-02-14 11:33 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-11 21:13 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 19:20 <REP> d-------- C:\Program Files\IZArc
2008-02-10 15:30 <REP> d-------- C:\Program Files\CCleaner
2008-02-10 15:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-10 14:00 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-10 14:00 3,453 --a------ C:\WINDOWS\unins000.dat
2008-02-07 09:44 <REP> d-------- C:\DOCUME~1\papa\APPLIC~1\SupportSoft
2008-02-05 22:31 11,282,464 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-05 22:21 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-05 22:21 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-05 22:21 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-05 22:21 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-05 22:21 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-05 22:21 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-05 22:21 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-05 22:21 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2008-02-05 22:20 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-05 22:20 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-05 22:19 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-05 22:01 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-05 18:35 <REP> d-------- C:\Program Files\Windows Defender
2008-02-05 12:17 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-05 12:17 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-05 00:17 <REP> d-------- C:\Program Files\Lavasoft
2008-02-04 22:16 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-04 22:16 <REP> d-------- C:\Program Files\Windows Live
2008-02-04 22:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-02-04 12:45 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1.100\NTUSER.DAT
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Mes documents
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Menu D‚marrer
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Favoris
2008-02-04 12:45 <REP> dr------- C:\DOCUME~1\ADMINI~1.100\Bureau
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Voisinage r‚seau
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\Voisinage d'impression
2008-02-04 12:45 <REP> d--h----- C:\DOCUME~1\ADMINI~1.100\ModŠles
2008-02-04 12:45 <REP> d-------- C:\DOCUME~1\ADMINI~1.100\APPLIC~1\You've Got Pictures Screensaver
2008-02-03 23:42 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Mes documents
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Menu D‚marrer
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Favoris
2008-02-03 23:42 <REP> dr------- C:\DOCUME~1\ADMINI~1\Bureau
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage r‚seau
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\Voisinage d'impression
2008-02-03 23:42 <REP> d--h----- C:\DOCUME~1\ADMINI~1\ModŠles
2008-02-03 23:42 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2008-02-03 23:38 <REP> d-------- C:\WINDOWS\pss
2008-02-03 23:06 <REP> d-------- C:\WINDOWS\network diagnostic
2008-02-03 23:04 <REP> d-------- C:\c1b8d6d26461da3b8c98
2008-02-03 23:00 <REP> d-------- C:\69c883eeb0aeb55c8674
2008-02-03 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-02-02 18:08 <REP> d-------- C:\Program Files\Avira
2008-02-02 18:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-02-02 09:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-01-31 19:15 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-01-30 22:18 <REP> d-------- C:\Program Files\Alwil Software
2008-01-30 21:33 357,768 --a------ C:\DOCUME~1\papa\SymXPep2.dll
2008-01-24 16:01 <REP> d-------- C:\DOCUME~1\papa\APPLIC~1\Symantec
2008-01-24 15:59 <REP> d-------- C:\Program Files\Windows Sidebar
2008-01-24 15:53 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-01-20 14:45 185,344 --a------ C:\WINDOWS\system32\nvrsma.dll
2008-01-20 01:07 <REP> d-------- C:\Program Files\Axis Communications
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-02-16 10:03 --------- d-------- C:\Program Files\Wanadoo
2008-02-16 09:52 132860 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-15 22:48 77476 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-02-15 22:48 474972 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-02-13 22:02 --------- d-------- C:\Program Files\eMule
2008-02-05 21:35 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-05 21:35 10740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-20 14:45 578560 --a------ C:\WINDOWS\system32\user32.dll
2008-01-20 14:45 578560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-01-11 06:36 44544 --a------ C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-22 07:05 --------- d-------- C:\Program Files\Google
2007-12-19 23:53 347136 --a------ C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 10:51 179584 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 10:51 179584 --------- C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 06:08 3592192 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-07 03:08 824832 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-12-07 03:08 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-12-07 03:08 63488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-07 03:08 6066176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-07 03:08 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-07 03:08 478208 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-12-07 03:08 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-07 03:08 44544 --------- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-12-07 03:08 384512 --------- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-12-07 03:08 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-07 03:08 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-12-07 03:08 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-07 03:08 233472 --------- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-12-07 03:08 230400 --------- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-12-07 03:08 214528 --a------ C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-12-07 03:08 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-12-07 03:08 153088 --------- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-12-07 03:08 133120 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-12-07 03:08 124928 --------- C:\WINDOWS\system32\dllcache\advpack.dll
2007-12-07 03:08 1159680 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-12-07 03:08 105984 --------- C:\WINDOWS\system32\dllcache\url.dll
2007-12-07 03:08 102912 --------- C:\WINDOWS\system32\dllcache\occache.dll
2007-12-07 02:07 474624 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-12-07 02:07 152064 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-12-07 02:07 1495040 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-12-07 02:07 1056768 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-12-07 02:07 1024000 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-12-06 12:03 625664 --------- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 12:02 70656 --------- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 12:00 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 05:59 161792 --------- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 19:41 550912 --a------ C:\WINDOWS\system32\oleaut32.dll
2007-12-04 19:41 550912 --------- C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-13 21:20 36289 --a--c--- C:\WINDOWS\Fonts.\unins000.dat
2004-02-11 04:00 80014 --a------ C:\WINDOWS\Fonts.\unins000.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 15:22]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-23 12:40]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 11:08]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-23 13:01]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe" [2004-10-05 17:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-23 13:01]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-02 18:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"OoPDFSettingsv6.exe"="C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 10:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 16:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2007-03-13 21:20:13]
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2007-03-13 21:20:10]
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-31 16:20:16]
R1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 USBDeviceService;USBDeviceService;C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
R3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
R3 MTsensor;ATK0100 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 SynMini;USB2.0 VGA WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 VGA WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 sffdisk;Pilote de classe de stockage SFF;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
Contents of the 'Scheduled Tasks' folder
2008-02-10 01:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-11 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - papa.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 10:06:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2008-02-16 10:08:01
C:\ComboFix2.txt ... 2008-02-15 23:10
C:\ComboFix3.txt ... 2008-02-14 15:23
--- E O F ---
and next, the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:32, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 10:43]
"PCMService"="c:\APPS\Powercinema\PCMService.exe" [2006-02-23 11:08]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-23 13:01]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\taskbaricon.exe" [2004-10-05 17:00]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-23 13:01]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-02 18:18]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"OoPDFSettingsv6.exe"="C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe" [2003-11-20 10:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 08:51]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-31 16:20]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
OFFICE One Clock v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe [2007-03-13 21:20:13]
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe [2007-03-13 21:20:10]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-31 16:20:16]
R1 avgio;avgio;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R2 USBDeviceService;USBDeviceService;C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
R3 avgntflt;avgntflt;\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
R3 MTsensor;ATK0100 ACPI UTILITY;C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 smserial;smserial;C:\WINDOWS\system32\DRIVERS\smserial.sys
R3 SynMini;USB2.0 VGA WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;USB2.0 VGA WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys
S3 sffdisk;Pilote de classe de stockage SFF;C:\WINDOWS\system32\DRIVERS\sffdisk.sys
S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus;C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
Contents of the 'Scheduled Tasks' folder
2008-02-10 01:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-11 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - papa.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 10:06:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2008-02-16 10:08:01
C:\ComboFix2.txt ... 2008-02-15 23:10
C:\ComboFix3.txt ... 2008-02-14 15:23
--- E O F ---
and next, the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:32, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hi kristella,
Run a full scan of your machine with AntiVir using the settings below:
Once AntiVir is open, click Configuration and tick the "expert mode" box; then, on the Scanner tab, in the window below, you will see "rootkit search": click the small + to expand it and tick the box next to your hard disk.
Then click Configuration at the top right; in the new window, on the left > Scanner > tick "scan all files" and, below that, > scanner priority = High
Tick "allow stopping the scanner", so that you can pause the scan if you wish.
Then, on the right, tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > Scan > expand > Heuristic > macrovirus heuristic = ticked and, below that, > win32 heuristic box ticked and high detection level
Please post the resulting report here.
See you
Hello
AntiVir can't manage to finish the scan. It apparently gets stuck at 99.8%. It has been almost 5h30 since it started. What should I do?
See you
Hi there
I only had to ask the question for the scan to resume!! It makes no sense. I'll be patient, wait for it to finish, and then post the report.
See you
Hello Dlld
That's it, AntiVir has finished. Here is the report
AntiVir PersonalEdition Classic
Report file date: dimanche 17 février 2008 10:34
Scanning for 1110498 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: 100391300328
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:18:16
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 09:24:29
ANTIVIR3.VDF : 7.0.2.147 199168 Bytes 15/02/2008 17:10:29
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 15/02/2008 17:10:29
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 02/02/2008 17:18:18
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: dimanche 17 février 2008 10:34
Starting search for hidden objects.
'49339' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'oonotesv65.exe' - '1' Module(s) have been scanned
Scan process 'ooneclockv65.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'SMPSYS.EXE' - '1' Module(s) have been scanned
Scan process 'OoPDFSettingsv6.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
51 processes with 51 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '38' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\47d64b10.qua
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ria
[INFO] The file was moved to '481c0442.qua'!
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP313\A0085514.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.41
[INFO] The file was moved to '47e81e51.qua'!
C:\WINDOWS\system32\nvrsma.dll
[WARNING] The file could not be opened!
End of the scan: dimanche 17 février 2008 16:17
Used time: 5:43:40 min
The scan has been done completely.
7210 Scanning directories
246034 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
246032 Files not concerned
9719 Archives were scanned
3 Warnings
1 Notes
49339 Objects were scanned with rootkit scan
0 Hidden objects were found
I'm not very good at this, but it seems to me that it detected 2 viruses
See you
7210 Scanning directories
246034 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
246032 Files not concerned
9719 Archives were scanned
3 Warnings
1 Notes
49339 Objects were scanned with rootkit scan
0 Hidden objects were found
I'm not very good at this, but it seems to me that it detected 2 viruses.
See you
Hi again, ;)
OK, but the two AntiVir finds are not a problem: it renamed them...
What worries me more, though, is:
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
and
C:\WINDOWS\system32\nvrsma.dll
[WARNING] The file could not be opened!
So,
> Next, go to the VirusTotal site and have the following file analyzed, please:
(If there is a problem: http://pageperso.aol.fr/loraline60/virus_total.htm )
C:\WINDOWS\system32\nvrsma.dll
and post the result by copy/paste, please.
See you
:)
Hello kristella.
Your problem looks very serious ;-(
As you rightly saw, there are two viruses, yes; but the problem is that AntiVir detects that it is itself infected?!
We won't declare the worst-case scenario right away, but I'm afraid that's what it is. Please post a new HijackThis log.
See you
Hi DllD
What you say doesn't reassure me, but I suspected it wasn't going to be simple, given everything I've done so far without the problems being solved. In any case, thank you for giving me some of your time.
So here is a new HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:44:20, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
c:\windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\APPS\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=c:\windows\explorer.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: OFFICE One Clock v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Clock\ooneclockv65.exe
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://camera1.mairie-brest.fr/activex/AMC.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Good evening kristella,
Could you uninstall AntiVir, reinstall it, run another scan with it, and post the report here, please?
https://www.avira.com/ <= download it here
To uninstall it, go through Control Panel > Add or Remove Programs.
Have a good evening
See you later
Good evening g!rly
I uninstalled AntiVir and ran another scan as you asked, with the same settings you gave me in your message on Saturday.
Here is the report:
AntiVir PersonalEdition Classic
Report file date: dimanche 17 février 2008 21:57
Scanning for 1110678 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: 100391300328
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:53:04
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 20:53:04
ANTIVIR3.VDF : 7.0.2.148 201216 Bytes 15/02/2008 20:53:04
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 17/02/2008 20:53:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 17/02/2008 20:53:04
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: dimanche 17 février 2008 21:57
Starting search for hidden objects.
'50101' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'oonotesv65.exe' - '1' Module(s) have been scanned
Scan process 'ooneclockv65.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SMPSYS.EXE' - '1' Module(s) have been scanned
Scan process 'OoPDFSettingsv6.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'DetectorApp.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'USBDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\nvrsma.dll
[WARNING] The file could not be opened!
End of the scan: dimanche 17 février 2008 23:03
Used time: 1:05:31 min
The scan has been done completely.
7223 Scanning directories
247564 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
247564 Files not concerned
9722 Archives were scanned
3 Warnings
1 Notes
50101 Objects were scanned with rootkit scan
0 Hidden objects were found
See you later
Hi g!rly
I'm at work right now, so not on my PC, but from what I saw last night I still have the same problems: programs that close by themselves, the burner that behaves erratically, slowness when opening a page, faults with the printer, which crashes everything from time to time, the Internet connection that used to be made automatically at startup no longer connects by itself, and the little window that used to appear when I had mail has disappeared. In short, a whole lot of things that are annoying to a greater or lesser degree.
Uninstalling and downloading AntiVir changed nothing, if that is what you were asking.
So to answer you, my PC is still doing just as badly.
See you later
Good evening,
Yes, that is indeed a lot of malfunctions...
Empty your temporary files with this:
-> Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-> illustrated help (thanks to Balltrap34):
http://pageperso.aol.fr/balltrap34/democleanup.htm
Click on Options and uncheck the box in front of: delete prefetch files
Empty it manually:
:: The contents of the prefetch folder ::
* C:\WINDOWS\Prefetch <= except the layout.ini file
* Don't forget to empty the Recycle Bin!
Then
download and install RegCleaner:
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
Tutorial:
http://www.softastuces.com/tuto/maint/regcleaner/
For the printer, are you able to uninstall and reinstall it?
-> I mean the software and the drivers.
For the Internet connection, reinstalling will most likely solve the problem as well.
For the burner, you will probably need to post a message on the hardware forum of this same site.
See you later
Good evening g!rly
Sorry for not replying sooner, but I was on call last night and couldn't come by before now.
I started what you asked me to do with CleanUp, but what should I do when you tell me to empty the prefetch folder manually? Does that mean I have to "delete" the different items?
I'll wait for your answer because I don't want to make any mistakes.
See you later