Sujet Précédent Sujet Suivant

Trojan bho abo

Résolu
diremado Messages postés 156 Statut Membre -  
FillPCA Messages postés 2264 Statut Contributeur sécurité -
Bonjour,

Je me traine ce trojan depuis plusieurs jours, detecté et mis en quarantaine par AVG il revient systematiquement. J'ai essayé à peu près tous les anti virus et anti spy sans succès. Pourriez vous m'aider

Je suis sous XP voilà mon dernier Hjthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:53:48, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
c:\PVSW\Bin\WGE_SRV.EXE
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PVSW\BIN\W3dbsmgr.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\LogProtect\logprotect.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\LogProtect\lpwchdg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0060928
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {46642524-4A5A-4597-8542-BFF7C05F9834} - C:\WINDOWS\system32\bat.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LogProtect] "C:\Program Files\LogProtect\logprotect.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/fr/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - c:\PVSW\Bin\WGE_SRV.EXE
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 13644 bytes
Configuration: Windows XP
Firefox 2.0.0.12
A voir également:

87 réponses

  • 1
  • 2
  • 3
  • 4
  • 5
Réponse 1 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

Télécharge DSS (Deckard's System Scanner de Deckard) sur ton Bureau à partir de ce lien :

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Choisis "enregistrer" et "Bureau" comme emplacement.

Ferme toutes les applications en cours (très important, sinon l'ordi peut planter).

Double-clique sur dss.exe pour lancer l'outil.

S'il ne trouve pas HijackThis, clique sur Oui.

Clique sur OK à chaque fois que cela sera demandé.

L'analyse finie, un fichier texte s'affichera. Poste son contenu dans ta réponse.

Le rapport se trouve ici : C:\Deckard\System Scanner\main.txt.
3
Réponse 2 / 87
FillPCA Messages postés 2264 Statut Contributeur sécurité 123
 
Salut,

Pour suivre.

FillPCA
0
Réponse 3 / 87
diremado Messages postés 156 Statut Membre 1
 
Merci de venir à mon aide....

Deckard's System Scanner v20071014.68
Run by luc on 2008-02-22 15:48:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 2 Restore Point(s) --
2: 2008-02-22 14:49:03 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-02-22 07:53:21 UTC - RP1 - Point de vérification système

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as luc.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:57, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
c:\PVSW\Bin\WGE_SRV.EXE
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\WINDOWS\system32\svchost.exe
c:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Documents and Settings\luc\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\luc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0060928
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {46642524-4A5A-4597-8542-BFF7C05F9834} - C:\WINDOWS\system32\bat.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LogProtect] "C:\Program Files\LogProtect\logprotect.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/fr/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - c:\PVSW\Bin\WGE_SRV.EXE
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Réponse 4 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

1) Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes

O2 - BHO: (no name) - {46642524-4A5A-4597-8542-BFF7C05F9834} - C:\WINDOWS\system32\bat.dll

Ferme toutes les fenêtres (hormis HijackThis), y compris ton navigateur.

Clique sur fix checked.

Ferme Hijackthis.

2) télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste Standard List of Files/Folders to be moved.

c:\windows\system32\drivers\yrvlnrib.dat
C:\WINDOWS\system32\bat.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
0
doremado
 
Voilà e résultat. Comme tu n'avais rien précisé je ne l'ai pas effectué en mode sans echec

File/Folder c:\windows\system32\drivers\yrvlnrib.dat not found.
C:\WINDOWS\system32\bat.dll unregistered successfully.
File move failed. C:\WINDOWS\system32\bat.dll scheduled to be moved on reboot.

OTMoveIt2 v1.0.20 log created on 02232008_071201
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Bonjour,

refais tourner DSS et poste le rapport.
0
Réponse 6 / 87
diremado Messages postés 156 Statut Membre 1
 
Deckard's System Scanner v20071014.68
Run by luc on 2008-02-23 09:19:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as luc.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:19:33, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
c:\PVSW\Bin\WGE_SRV.EXE
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
c:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\NettoyeurDePC\stm.exe
C:\Program Files\NettoyeurDePC\data\GDCW.exe
C:\Documents and Settings\luc\Bureau\ANTI VIRUS SPY\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\luc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=0060928
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {46642524-4A5A-4597-8542-BFF7C05F9834} - C:\WINDOWS\system32\bat.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [LogProtect] "C:\Program Files\LogProtect\logprotect.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\NettoyeurDePC\stm.exe" dm=http://nettoyeurdepc.com ad=http://nettoyeurdepc.com sd=http://paylogs.nettoyeurdepc.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/fr/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586-jc.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinPhone Ultimate Edition\BVRPKrnl.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - c:\PVSW\Bin\WGE_SRV.EXE
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
0
Réponse 7 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

imprime ces instructions car tu n'y auras plus accès

si tu en as une, supprime la version antérieure de Combofix (l'outil est mis à jour très régulièrement)

télécharge combofix (par sUBs)ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

[b]réactive ton parefeu, ton antivirus, la garde de ton antispyware[/b]

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
0
Réponse 8 / 87
diremado Messages postés 156 Statut Membre 1
 
Impossible de copier coller
0
Réponse 9 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

explique.

Combofix a tourné ?

l'ordi a redémarré ?

tu peux ouvrir le rapport dans le bloc-notes ?

la sélection ne fonctionne pas ?

ni CTRL C, ni CTRL V ?
0
Réponse 10 / 87
diremado Messages postés 156 Statut Membre 1
 
Tout c'est bien passé, mais impossible de copier coller, ni ctrl C ni ctrl V
0
Réponse 11 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

réponse par oui non :

tu peux ouvrir le rappoirt de combofix avec le bloc notes ?

tu peux sélectionner le texte par Edition puis sélectionner tout ?

tu peux copier par edition puis copier ?

tu peux ouvrir une réponse, faire clic droit avec la souris et cliquer sur "coller ?
0
Réponse 12 / 87
diremado Messages postés 156 Statut Membre 1
 
Je peux faire tout ça mais ne peux "importer" un bloc note jusqu'ailleurs
0
Réponse 13 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

a quel endroit ça ne se passe pas comme il faut ?
0
Réponse 14 / 87
diremado Messages postés 156 Statut Membre 1
 
Quand j'ai fais mon copier et que j arrive sur le forum il ne propose plus rien à coller
0
Réponse 15 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
re,

fais ça :

>> démarrer >> exécuter >> tape ceci >> clipbrd.exe

quelque chose dans le presse-papier ?
0
Réponse 16 / 87
diremado Messages postés 156 Statut Membre 1
 
Rien dans le presse papier
0
Réponse 17 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

tu as un autre éditeur de texte ?

si oui, essaye avec lui.
0
Réponse 18 / 87
diremado Messages postés 156 Statut Membre 1
 
Non. Et même le copier coller du presse papier dans word ne marche pas. Je ne peux pas envoyer directement le fichier par mail ou en insertion sur le forum ?
0
Réponse 19 / 87
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
 
Re,

tu as le CD de windows (avec le SP2) ?
0
Réponse 20 / 87
diremado
 
Maintenant ça marche. Je n'ai rien fais de spécial et depuis deux trois jours je n'ai plus jamais d'alerte virus

Ce rapport combo étant celui de la semaine dernière

ComboFix 08-02-23 - luc 2008-02-23 9:39:58.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.580 [GMT 1:00]
Endroit: C:\Documents and Settings\luc\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\luc\Application Data\inst.exe
C:\WINDOWS\system32\bat.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-23 to 2008-02-23 ))))))))))))))))))))))))))))))))))))
.

2008-02-23 08:17 . 2008-02-23 08:17 <REP> d-------- C:\Program Files\Callserve
2008-02-23 08:17 . 2008-02-23 08:17 <REP> d-------- C:\Program Files\Avanquest update
2008-02-23 08:16 . 2008-02-23 08:16 <REP> d-------- C:\Program Files\WinPhone Ultimate Edition
2008-02-23 08:16 . 2008-02-23 08:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-23 08:16 . 2003-05-22 00:18 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-23 07:31 . 2008-02-23 07:31 <REP> d-------- C:\Documents and Settings\luc\Application Data\NettoyeurDePC
2008-02-23 07:26 . 2008-02-23 07:26 <REP> d-------- C:\Program Files\Fichiers communs\NettoyeurDePC
2008-02-23 07:26 . 2008-02-23 07:26 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-23 07:26 . 2008-02-23 07:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NettoyeurDePC
2008-02-23 07:26 . 2008-02-23 07:26 255,000 --a------ C:\Documents and Settings\luc\Application Data\installer_fr[1].exe
2008-02-22 15:48 . 2008-02-22 15:48 <REP> d-------- C:\Program Files\Unlocker
2008-02-22 15:48 . 2008-02-22 15:48 <REP> d-------- C:\Deckard
2008-02-22 14:55 . 2008-02-23 07:33 125 --a------ C:\ioSpecial.ini
2008-02-22 14:44 . 2008-02-22 14:56 <REP> d-------- C:\QI98
2008-02-22 14:44 . 2008-02-22 14:44 13 -r-h----- C:\WINDOWS\Vgaqisys.dat
2008-02-22 14:43 . 2008-02-22 14:43 <REP> d-------- C:\SetupQI
2008-02-21 23:00 . 2008-02-21 23:00 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-02-21 23:00 . 2008-02-23 09:46 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 22:56 . 2008-02-21 22:56 <REP> d-------- C:\Program Files\vanBasco's Karaoke Player
2008-02-21 22:56 . 2008-02-21 22:56 <REP> d-------- C:\Program Files\Posh Shop
2008-02-21 22:56 . 2008-02-21 22:56 <REP> d-------- C:\Program Files\Netdraw
2008-02-21 22:56 . 2008-02-21 22:56 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2008-02-21 22:56 . 2008-02-21 22:56 <REP> d-------- C:\Program Files\Fichiers communs\Doblon
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Program Files\Gamenext
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Program Files\fnacVOD
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Program Files\CyberLink
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Program Files\Boonty
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SugarGames
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Oberon Games
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NannyMania
2008-02-21 22:53 . 2008-02-21 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\My Games
2008-02-21 22:52 . 2008-02-21 22:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\iWin
2008-02-21 22:52 . 2008-02-21 22:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\EBP
2008-02-21 22:52 . 2008-02-21 22:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-02-21 22:52 . 2008-02-21 22:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BOONTY
2008-02-21 22:02 . 2008-02-21 22:02 268 --ah----- C:\sqmdata11.sqm
2008-02-21 22:02 . 2008-02-21 22:02 244 --ah----- C:\sqmnoopt11.sqm
2008-02-21 19:34 . 2008-02-21 19:34 268 --ah----- C:\sqmdata10.sqm
2008-02-21 19:34 . 2008-02-21 19:34 244 --ah----- C:\sqmnoopt10.sqm
2008-02-21 17:33 . 2008-02-21 17:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-02-21 17:30 . 2008-02-21 17:30 268 --ah----- C:\sqmdata09.sqm
2008-02-21 17:30 . 2008-02-21 17:30 244 --ah----- C:\sqmnoopt09.sqm
2008-02-21 17:28 . 2008-02-21 17:28 <REP> d-------- C:\Documents and Settings\luc\Application Data\Grisoft
2008-02-21 17:28 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-21 15:09 . 2008-02-21 22:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-21 14:43 . 2008-02-21 14:43 <REP> d-------- C:\Program Files\SpywareBlaster
2008-02-21 14:43 . 2008-02-21 14:43 <REP> d-------- C:\Documents and Settings\luc\Application Data\SUPERAntiSpyware.com
2008-02-21 14:43 . 2008-02-21 14:43 <REP> d-------- C:\Documents and Settings\luc\Application Data\PC Tools
2008-02-21 14:42 . 2008-02-21 14:46 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-21 14:42 . 2008-02-21 14:42 <REP> d-------- C:\Program Files\PonyGirl2
2008-02-21 14:42 . 2008-02-21 14:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-21 14:41 . 2008-02-22 08:59 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:41 . 2008-02-21 14:43 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-21 14:41 . 2008-02-21 22:17 <REP> d-------- C:\Program Files\Sallys Salon
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Incredijeux
2008-02-21 14:41 . 2008-02-21 15:12 <REP> d-------- C:\Program Files\Hitman Pro
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Fichiers communs\Knowledge Adventure
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Doblon
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\DAEMON Tools
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Corel Corporation
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Corel
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\CDBurnerXP Pro 3
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\CDBurnerXP
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Caere
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\BoontyGames
2008-02-21 14:41 . 2008-02-21 14:41 <REP> d-------- C:\Program Files\Apple Software Update
2008-02-21 13:05 . 2008-02-21 13:05 <REP> d-------- C:\Temp
2008-02-20 10:53 . 2008-02-20 10:53 38,468 --a------ C:\WINDOWS\Administrateur.acl
2008-02-20 09:41 . 2008-02-20 09:41 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-02-20 09:41 . 2008-02-21 13:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 09:41 . 2008-02-21 13:00 1,102,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-20 09:41 . 2008-02-20 09:49 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-20 09:41 . 2008-02-20 09:41 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-20 09:41 . 2008-02-21 13:00 14,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-20 09:41 . 2008-02-21 13:00 14,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-20 09:41 . 2008-02-21 13:00 1,772 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-20 09:30 . 2008-02-20 09:30 <REP> d-------- C:\kav
2008-02-20 08:27 . 2008-02-21 14:43 <REP> d-------- C:\Program Files\Winsos(2)
2008-02-20 08:12 . 2008-02-21 14:44 <REP> d-------- C:\Program Files\SoundTaxi
2008-02-11 18:25 . 2008-02-11 18:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-11 18:25 . 2008-02-11 18:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-10 10:11 . 2008-02-21 22:38 <REP> d-------- C:\Program Files\musicMe
2008-02-09 11:41 . 2008-02-21 22:41 <REP> d-------- C:\Program Files\EA GAMES(2)
2008-02-08 17:58 . 2008-02-08 17:58 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-08 17:57 . 2008-02-08 17:57 <REP> d-------- C:\My Music
2008-02-08 17:57 . 2008-02-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 17:57 . 2008-02-08 17:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-08 16:18 . 2008-02-08 16:18 268 --ah----- C:\sqmdata08.sqm
2008-02-08 16:18 . 2008-02-08 16:18 244 --ah----- C:\sqmnoopt08.sqm
2008-02-08 12:27 . 2008-02-08 12:27 268 --ah----- C:\sqmdata07.sqm
2008-02-08 12:27 . 2008-02-08 12:27 244 --ah----- C:\sqmnoopt07.sqm
2008-02-08 08:34 . 2008-02-08 08:34 <REP> d-------- C:\Documents and Settings\luc\Application Data\BitDefender
2008-02-08 08:32 . 2008-02-08 08:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-08 08:31 . 2008-02-21 15:08 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 07:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-23 06:33 --------- d-----w C:\Program Files\eMule
2008-02-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-22 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-21 21:59 --------- d-----w C:\Documents and Settings\luc\Application Data\NetAppel
2008-02-21 21:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 21:53 --------- d-----w C:\Program Files\Lavasoft
2008-02-21 21:47 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-21 21:41 --------- d-----w C:\Documents and Settings\MANON & DORIANE\Application Data\AVG7
2008-02-21 21:34 --------- d-----w C:\Program Files\EBP
2008-02-21 21:10 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 21:09 --------- d-----w C:\Documents and Settings\luc\Application Data\Lavasoft
2008-02-21 21:09 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-02-21 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-21 16:15 19,584 ----a-w C:\WINDOWS\system32\drivers\yrvlnrib.dat
2008-02-21 13:43 --------- d-----w C:\Program Files\Yahoo!
2008-02-20 07:00 --------- d-----w C:\Documents and Settings\luc\Application Data\AVG7
2008-02-08 16:57 --------- d-----w C:\Program Files\VSO
2008-02-08 16:57 --------- d-----w C:\Program Files\QuickTime
2008-02-07 09:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-18 09:18 --------- d-----w C:\Documents and Settings\luc\Application Data\Skype
2008-01-18 07:08 --------- d-----w C:\Documents and Settings\luc\Application Data\skypePM
2008-01-17 12:37 --------- d-----w C:\Documents and Settings\luc\Application Data\VoipBuster
2007-12-27 15:02 --------- d-----w C:\Documents and Settings\luc\Application Data\My Games
2007-12-27 15:01 --------- d-----w C:\Program Files\ReflexiveArcade
2007-12-23 09:18 47,360 ----a-w C:\Documents and Settings\luc\Application Data\pcouffin.sys
2007-12-23 09:18 --------- d-----w C:\Documents and Settings\luc\Application Data\Vso
2007-12-23 09:14 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-30 16:36 526 ----a-w C:\Documents and Settings\luc\Application Data\wklnhst.dat
2007-11-22 16:56 56 --sh--r C:\WINDOWS\system32\93318A3CB8.sys
2007-11-22 16:56 6,060 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46642524-4A5A-4597-8542-BFF7C05F9834}]
2004-08-05 12:00 100608 --a------ C:\WINDOWS\system32\bat.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 08:06 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-11-22 17:10 787696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-19 15:37 196608]
"LogProtect"="C:\Program Files\LogProtect\logprotect.exe" [2007-04-19 15:46 2457600]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 20:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 20:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 20:50 114688]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-29 18:03 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-29 18:03 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"shutdownnotificationflags"= 1308616713 (0x4dffe809)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Documents and Settings\\luc\\Bureau\\incredimail_install.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\WinPhone Ultimate Edition\\winphone.exe"=
"C:\\Program Files\\WinPhone Ultimate Edition\\BvrpKrnl.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"135:TCP"= 135:TCP:Port DCOM (135)

R0 bohccufv;bohccufv;C:\WINDOWS\system32\drivers\yrvlnrib.dat []
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 13:46]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 08:34]
R2 Pervasive.SQL Workgroup;EBP - Pervasive.SQL Workgroup;c:\PVSW\Bin\WGE_SRV.EXE [2006-12-07 15:08]
R2 R54G Wireless Service;R54G Wireless Service;C:\Program Files\Wireless 802.11g Monitor\WLService.exe [2004-03-30 07:08]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 BvrpKrnl;BvrpKrnl;C:\Program Files\WinPhone Ultimate Edition\BVRPKrnl.exe [2006-02-27 19:39]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\luc\LOCALS~1\Temp\cdrmkaun.sys []
S3 MR97310_VGA_DUAL_CAMERA;XDC Series;C:\WINDOWS\system32\DRIVERS\mr97310v.sys [2003-08-12 10:32]
S3 SC Test Branding Service 1;SC Test Branding Service 1;"C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe" [2007-07-09 11:13]
S3 UsbSagCom;Mobile Device Full USB Driver;C:\WINDOWS\system32\DRIVERS\UsbSagCom.sys [2007-06-29 13:20]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79c50ccf-296b-11dc-ac0d-001372ea0fcf}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb836a-9af2-11db-ab57-001372ea0fcf}]
\Shell\AutoRun\command - G:\AutoPlay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb836b-9af2-11db-ab57-001372ea0fcf}]
\Shell\AutoRun\command - H:\autorun.exe
\Shell\readme\command - notepad Lisez-moi.txt
\Shell\Setup\command - H:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb836c-9af2-11db-ab57-001372ea0fcf}]
\Shell\AutoRun\command - I:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86eb836d-9af2-11db-ab57-001372ea0fcf}]
\Shell\AutoRun\command - J:\PONEY-CLUB.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c62406-1507-11dc-ac01-001372ea0fcf}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f944a503-94c0-11db-ab53-001372ea0fcf}]
\Shell\AutoRun\command - F:\AutoJob.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-16 09:05:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 14:09:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-02-23 04:43:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-23 08:37:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
0
  • 1
  • 2
  • 3
  • 4
  • 5

Discussions similaires

Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment résilier sur wap.bouygtel.fr/abo ?
deesse.57 -
GMOMO -

6 réponses