Aidez moi!!! small-JMH trojan

Résolu/Fermé

senseimanga Messages postés 9 Date d'inscription samedi 1 mars 2008 Statut Membre Dernière intervention 6 mars 2008 - 1 mars 2008 à 13:28
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 2 mars 2008 à 12:58

Bonjour,voila j'ai été infecter par le virus small-jmh(trojan) et j'ai apris qu'il fallait faire un rapport avec hijackthis alors voila mon rapport siouplai aidez moi je désespère!!!

Logfile of HijackThis v1.99.1
Scan saved at 13:18:16, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\youssi\LOCALS~1\Temp\Rar$EX00.953\MSNCleaner.exe
C:\Documents and Settings\youssi\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://french.eazel.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\youssi\LOCALS~1\Temp\winlogon.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Streams Drivers] C:\DOCUME~1\youssi\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sécurité Enfants (OPTENET_FILTER) - Telecom Italia France - C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

A voir également:

Aidez moi!!! small-JMH trojan
Trojan remover - Télécharger - Antivirus & Antimalwares
Csrss.exe trojan - Forum Virus
Trojan win32 - Forum Virus
Csrss.exe : processus suspect/virus ? - Forum Virus
Trojan Csrss.exe ✓ - Forum Virus

2 réponses

Réponse 1 / 2

jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
1 mars 2008 à 13:34

slt,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le scrïpt.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
_____________________

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

__________________

recolle hijackthis et dis tes soucis

senseimanga Messages postés 9 Date d'inscription samedi 1 mars 2008 Statut Membre Dernière intervention 6 mars 2008
1 mars 2008 à 15:52

voila j'ai ce que tu m'as dit mais le rapport est trop grand je te le met sans l'énumération des fichiers cachés

rapport sdfix:

[b]SDFix: Version 1.150 [/b]

Run by youssi on 01/03/2008 at 14:59

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\youssi\Bureau\SDFix

[b]Checking Services [/b]:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

[b]Checking Files [/b]:

Trojan Files Found:

C:\DOCUME~1\youssi\LOCALS~1\Temp\winlogon.exe - Deleted
C:\WINDOWS\system32\real.txt - Deleted

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 15:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:7b4b50ad
"s2"=dword:42dbf3de
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:89,a3,38,70,1f,95,10,33,8d,91,39,01,c2,c6,3b,a6,b4,c6,69,24,a4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fb,7e,18,26,cd,98,d3,4b,eb,af,06,58,f3,12,4c,7c,9f,b0,1c,23,84,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:89,a3,38,70,1f,95,10,33,8d,91,39,01,c2,c6,3b,a6,b4,c6,69,24,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:fb,7e,18,26,cd,98,d3,4b,eb,af,06,58,f3,12,4c,7c,9f,b0,1c,23,84,..

et la fin

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4005

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe"="C:\\Program Files\\NAMCO BANDAI Games\\Warhammer Mark of Chaos\\Warhammer.exe:*:Enabled:Warhammer©: Mark of ChaosT"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.1.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.1.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\TrackMania United\\TmUnited.exe"="C:\\Program Files\\TrackMania United\\TmUnited.exe:*:Enabled:TmUnited"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"="C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe:*:Enabled:GRAW"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\DOCUME~1\\youssi\\LOCALS~1\\Temp\\winlogon.exe"="C:\\DOCUME~1\\youssi\\LOCALS~1\\Temp\\winlogon.exe:*:Enabled:Streams Drivers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files [/b]:

File Backups: - C:\DOCUME~1\youssi\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 2 Dec 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sat 26 Jan 2008 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Sun 10 Feb 2008 5,944 ...H. --- "C:\Documents and Settings\aicha\Local Settings\Temp\Z@R48.tmp"
Sun 10 Feb 2008 1,409 ...H. --- "C:\Documents and Settings\aicha\Local Settings\Temp\Z@S49.tmp"
Wed 22 Aug 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 5 Feb 2008 45,464 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@R100.tmp"
Tue 5 Feb 2008 22,120 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@R102.tmp"
Tue 5 Feb 2008 20,836 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@R104.tmp"
Tue 5 Feb 2008 16,032 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@R106.tmp"
Tue 5 Feb 2008 34,284 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@RFE.tmp"
Tue 5 Feb 2008 1,409 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@S101.tmp"
Tue 5 Feb 2008 1,409 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@S103.tmp"
Tue 5 Feb 2008 1,409 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@S105.tmp"
Tue 5 Feb 2008 1,409 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@S107.tmp"
Tue 5 Feb 2008 1,409 ...H. --- "C:\Documents and Settings\lahsen\Local Settings\Temp\Z@SFF.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"

[b]Finished![/b]

et voila le rapport hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:51:07, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Documents and Settings\youssi\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://french.eazel.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [OPTENET_GUI] C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sécurité Enfants (OPTENET_FILTER) - Telecom Italia France - C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

voila!! alors c'est bon ??

jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040 > senseimanga Messages postés 9 Date d'inscription samedi 1 mars 2008 Statut Membre Dernière intervention 6 mars 2008
1 mars 2008 à 18:57

il manque le rapport combofix

senseimanga Messages postés 9 Date d'inscription samedi 1 mars 2008 Statut Membre Dernière intervention 6 mars 2008 > jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022
1 mars 2008 à 19:25

le voila mais inexplicablement après qu'il ai tout fait mon ordinateur est resté bloquer sur mon bureau sans les icônes j'ai donc du redémarrer à la barbare (si tu vois ce que je veut dire)

ComboFix 08-03-01.3 - youssi 2008-03-01 19:03:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.440 [GMT 1:00]
Endroit: C:\Documents and Settings\youssi\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\youssi\Application Data\inst.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.

2008-03-01 14:56 . 2008-03-01 14:56 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-01 13:38 . 2008-03-01 13:38 9,296 --a------ C:\WINDOWS\system32\kjneda.exe
2008-02-29 15:04 . 2008-02-29 15:04 9,296 --a------ C:\WINDOWS\system32\hctjbr.exe
2008-02-28 18:11 . 2008-02-28 18:11 9,296 --a------ C:\WINDOWS\system32\bsxvkm.exe
2008-02-11 11:16 . 2008-02-11 11:16 <REP> d-------- C:\Documents and Settings\youssi\Application Data\.BitTornado
2008-02-11 10:29 . 2008-02-11 10:29 <REP> d-------- C:\Program Files\Alcohol Soft
2008-02-11 09:58 . 2008-02-11 09:58 <REP> d-------- C:\WINDOWS\system32\ageia
2008-02-11 09:58 . 2008-02-11 09:58 <REP> d-------- C:\Program Files\AGEIA Technologies
2008-02-11 09:53 . 2008-02-11 09:53 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2008-02-11 09:48 . 2008-02-11 09:48 <REP> d-------- C:\Program Files\Ubisoft
2008-02-09 19:36 . 2008-02-09 19:36 <REP> d-------- C:\Documents and Settings\lahsen\Application Data\vlc
2008-02-08 09:14 . 2008-02-08 09:14 <REP> d-------- C:\Documents and Settings\youssi\Application Data\ImgBurn
2008-02-08 09:13 . 2008-02-08 09:14 <REP> d-------- C:\Program Files\ImgBurn
2008-02-05 18:32 . 2008-02-05 18:32 397,312 --a------ C:\WINDOWS\system32\HDCtrlEx.dll
2008-02-04 10:49 . 2008-02-04 10:49 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-02-04 10:47 . 2008-02-04 10:47 <REP> d-------- C:\Program Files\Real
2008-02-04 10:47 . 2008-02-04 10:49 <REP> d-------- C:\Program Files\Fichiers communs\Real
2008-02-02 19:58 . 2008-02-15 13:49 <REP> d-------- C:\Documents and Settings\youssi\Application Data\Vso
2008-02-02 19:58 . 2008-02-02 19:58 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-02-02 19:58 . 2008-02-02 20:00 47,360 --a------ C:\Documents and Settings\youssi\Application Data\pcouffin.sys
2008-02-02 19:57 . 2008-02-02 20:00 <REP> d-------- C:\Program Files\VSO
2008-02-02 19:54 . 2008-02-02 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-02 19:49 . 2008-02-02 19:52 <REP> d-------- C:\Program Files\Oront Burning Kit 2
2008-02-02 19:49 . 2008-02-02 19:49 <REP> d-------- C:\Documents and Settings\youssi\Application Data\Obsidium
2008-02-01 14:32 . 2008-02-01 14:32 770,048 --a------ C:\WINDOWS\system32\hdapi.dll
2008-02-01 11:18 . 1998-12-11 17:12 129,078 --a------ C:\WINDOWS\logow.sys
2008-02-01 11:18 . 1998-12-11 17:12 129,078 --a------ C:\WINDOWS\logos.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 13:19 --------- d-----w C:\Program Files\World of Warcraft
2008-02-11 10:16 --------- d-----w C:\Documents and Settings\youssi\Application Data\.BitTornado
2008-02-11 10:13 --------- d-----w C:\Documents and Settings\youssi\Application Data\LimeWire
2008-02-11 09:24 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-11 08:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 18:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-05 10:28 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-31 18:59 --------- d-----w C:\Documents and Settings\aicha\Application Data\Teleca
2008-01-31 18:59 --------- d-----w C:\Documents and Settings\aicha\Application Data\Search Settings
2008-01-31 18:57 --------- d-----w C:\Documents and Settings\aicha\Application Data\Sony Ericsson
2008-01-31 16:37 339,968 ----a-w C:\WINDOWS\system32\HDXfr.dll
2008-01-28 09:33 --------- d-----w C:\Documents and Settings\zayed\Application Data\Teleca
2008-01-28 09:31 --------- d-----w C:\Documents and Settings\zayed\Application Data\Sony Ericsson
2008-01-27 15:21 --------- d-----w C:\Program Files\RKFree
2008-01-27 14:35 --------- d-----w C:\Program Files\VideoLAN
2008-01-27 14:32 --------- d-----w C:\Program Files\Dealio
2008-01-26 18:43 --------- d-----w C:\Documents and Settings\lahsen\Application Data\Teleca
2008-01-26 18:43 --------- d-----w C:\Documents and Settings\lahsen\Application Data\Sony Ericsson
2008-01-26 15:20 --------- d-----w C:\Program Files\eRightSoft
2008-01-26 15:20 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-26 14:24 --------- d-----w C:\Documents and Settings\youssi\Application Data\Teleca
2008-01-26 13:43 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-01-25 17:28 4,882,432 ----a-w C:\WINDOWS\system32\Hdsv.dll
2008-01-25 07:21 --------- d-----w C:\Documents and Settings\zayed\Application Data\Search Settings
2008-01-25 07:21 --------- d-----w C:\Documents and Settings\zayed\Application Data\Dealio
2008-01-23 10:43 --------- d-----w C:\Program Files\Folder Lock
2008-01-22 14:21 20 ----a-w C:\sccfg.sys
2008-01-21 16:09 991,232 ----a-w C:\WINDOWS\system32\HelloDOCnet.dll
2008-01-19 13:22 --------- d-----w C:\Program Files\IMAGINE Editions
2008-01-17 10:55 1,327,104 ----a-w C:\WINDOWS\system32\HDPharm.dll
2008-01-14 15:10 --------- d-----w C:\Program Files\Password Protect
2008-01-14 13:47 --------- d-----w C:\Documents and Settings\youssi\Application Data\Image Zone Express
2008-01-14 13:35 --------- d-----w C:\Documents and Settings\youssi\Application Data\HP
2008-01-13 16:41 --------- d-----w C:\Documents and Settings\youssi\Application Data\Search Settings
2008-01-13 13:32 --------- d-----w C:\Documents and Settings\lahsen\Application Data\Search Settings
2008-01-13 13:32 --------- d-----w C:\Documents and Settings\lahsen\Application Data\Dealio
2008-01-11 17:02 --------- d-----w C:\Program Files\Search Settings
2008-01-11 17:00 --------- d-----w C:\Program Files\Free Audio Pack
2008-01-11 16:54 4,230,520 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-01-02 20:49 --------- d-----w C:\Documents and Settings\lahsen\Application Data\Printer Info Cache
2008-01-02 20:49 --------- d-----w C:\Documents and Settings\lahsen\Application Data\Image Zone Express
2008-01-02 15:48 --------- d-----w C:\Documents and Settings\youssi\Application Data\Ahead
2008-01-02 10:27 413,696 ----a-w C:\WINDOWS\system32\HDCtrlEx80.dll
2007-12-17 11:00 86,016 ----a-w C:\WINDOWS\smcw32.dll
2007-12-17 11:00 372,736 ----a-w C:\WINDOWS\ssvw32.dll
2007-12-17 11:00 368,640 ----a-w C:\WINDOWS\sjsw32.dll
2007-12-17 11:00 32,768 ----a-w C:\WINDOWS\smsw32.dll
2007-12-17 11:00 221,184 ----a-w C:\WINDOWS\stsw32.dll
2007-12-17 11:00 188,416 ----a-w C:\WINDOWS\stsrw32.dll
2007-12-17 11:00 184,320 ----a-w C:\WINDOWS\stsmw32.dll
2007-12-17 11:00 172,032 ----a-w C:\WINDOWS\sts4w32.dll
2007-12-17 11:00 122,880 ----a-w C:\WINDOWS\sts8w32.dll
2007-12-17 10:59 94,208 ----a-w C:\WINDOWS\galssw32.dll
2007-12-17 10:59 532,480 ----a-w C:\WINDOWS\srtw32.dll
2007-12-17 10:59 49,152 ----a-w C:\WINDOWS\galclw32.dll
2007-12-12 11:47 229,376 ----a-w C:\WINDOWS\system32\HDCodeExplorer.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 18:54 79,920 ----a-w C:\WINDOWS\system32\FLKill.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-04-01 16:16 5562368]
"nwiz"="nwiz.exe" [2005-04-01 16:16 1495040 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-03-24 21:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"flockbox"="C:\Program Files\My Lockbox\flockbox.exe" [2007-04-17 23:52 1070448]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"OPTENET_GUI"="C:\Program Files\Telecom Italia France\Securite Enfants\bin\OPTGui.exe" [2007-11-14 15:20 397352]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-04 10:48 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-frFR-patch-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\WoW-2.1.0-frFR-downloader.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Program Files\\TrackMania United\\TmUnited.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 MPRIFL;MPRIFL;C:\WINDOWS\system32\DRIVERS\MPRIFL.SYS [2007-04-17 23:52]
R2 OPTENET_FILTER;Sécurité Enfants;C:\Program Files\Telecom Italia France\Securite Enfants\bin\optproxy.exe [2007-11-14 15:20]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 13:00]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\GOA\Pangya_Eu\GameGuard\dump_wmimmc.sys []
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 17:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 17:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 17:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 17:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 17:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 17:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 17:24]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 19:07:43
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-01 19:09:41
ComboFix-quarantined-files.txt 2008-03-01 18:08:42
.
2008-02-13 19:08:25 --- E O F ---

voila

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

________________

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Program Files\Search Settings\
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb125\SearchSettings.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
____________________

recolle un rapport hiajkchits et dis tes soucis

voila le rapport de OTMovelt2 mais yavait deux cadran de gauche alors j'ai collé dans les deux cadran voila deux rappors

ds le cadran past standard list of file:

C:\Program Files\Search Settings\kb125\temp moved successfully.
C:\Program Files\Search Settings\kb125\res moved successfully.
C:\Program Files\Search Settings\kb125 moved successfully.
C:\Program Files\Search Settings moved successfully.
File/Folder C:\Program Files\Search Settings\SearchSettings.exe not found.
File/Folder C:\Program Files\Search Settings\kb125\SearchSettings.dll not found.

OTMoveIt2 v1.0.20 log created on 03022008_105442

et dans le cadran past custom list of file:

C:\Program Files\Search Settings\kb125\temp moved successfully.
C:\Program Files\Search Settings\kb125\res moved successfully.
C:\Program Files\Search Settings\kb125 moved successfully.
C:\Program Files\Search Settings moved successfully.
File/Folder C:\Program Files\Search Settings\SearchSettings.exe not found.
File/Folder C:\Program Files\Search Settings\kb125\SearchSettings.dll not found.

OTMoveIt2 v1.0.20 log created on 03022008_105442

voila sinon j'ai pas eu à redémarrer pas de souci

Réponse 2 / 2

SOCCOS
1 mars 2008 à 13:42

j'ai mon ordinateur qui est infecté mais je sais pas quel est le virus qui l'a infecté;j'ai essayé pour plusieurs fois de le protéger mais je n'ai pas.Je vous demande de m'aider .merci!

jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
1 mars 2008 à 13:52

slt, cré ton propre post et on t'aidera

Discussions similaires

Comment supprimer le virus Trojan

Aide pour un virus

Virus : trojan:win32/wacatac.h!ml

Trojan impossible à supprimer!

Comment éliminer manuellement virus trojan?