PSW.x-Vir trojan
mimie
Hello,
My computer says it is infected with the PSW.x-Vir trojan; I can no longer get on the Internet and it keeps sending me to a page to download a piece of software (VirusHeat). How can I get rid of it? I don't know much about computers...
Looking around the forums a bit, I saw that reports had to be provided, so I downloaded the programs for that: SmitFraudFix, HijackThis and DSS. Here are the results: (thanks in advance for your help!)
SmitFraudFix v2.301
Rapport fait à 19:05:27,10, 12/03/2008
Executé à partir de C:\Documents and Settings\Foulon\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
Deckard's System Scanner v20071014.68
Run by Foulon on 2008-03-12 19:06:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
49: 2008-03-12 18:06:58 UTC - RP161 - Deckard's System Scanner Restore Point
48: 2008-03-09 15:20:48 UTC - RP160 - Point de vérification système
47: 2008-03-08 11:39:02 UTC - RP159 - Point de vérification système
46: 2008-03-07 11:37:48 UTC - RP158 - Point de vérification système
45: 2008-03-06 11:27:59 UTC - RP157 - Point de vérification système
-- First Restore Point --
1: 2007-12-14 12:00:16 UTC - RP113 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Foulon.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:41, on 12/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Foulon\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Foulon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\1204105810.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\System32\wbchha.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6008 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 HPFECP13 - c:\windows\system32\drivers\hpfecp13.sys
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&2806F0ED&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&2806F0ED&0&01
Service: NVENETFD
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP13\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP13\0000
Service: HPFECP13
-- Files created between 2008-02-12 and 2008-03-12 -----------------------------
2008-03-12 19:06:15 0 d-------- C:\Program Files\Trend Micro
2008-03-12 19:05:29 1810 --a------ C:\WINDOWS\System32\tmp.reg
2008-03-12 19:05:06 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-12 19:05:05 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-03-12 19:05:05 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-12 19:05:05 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-12 19:05:05 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-12 19:05:05 82432 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-12 19:05:05 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-03-12 18:17:28 0 d-------- C:\Program Files\Spyware Doctor
2008-03-12 16:39:45 0 d-------- C:\Program Files\Micro Application
2008-03-02 14:13:53 0 d-------- C:\WINDOWS\System32\PreInstall
2008-03-02 14:13:51 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-28 09:06:24 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
2008-02-27 12:17:04 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-02-27 12:06:46 0 d-------- C:\Program Files\Alwil Software
2008-02-27 11:36:21 0 dr-h----- C:\$VAULT$.AVG
2008-02-27 10:50:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 10:50:33 0 d-------- C:\Program Files\VirusHeat 4.3
2008-02-27 10:50:10 0 d-------- C:\Program Files\Helper
2008-02-27 10:50:05 0 d-------- C:\Program Files\NetProject
-- Find3M Report ---------------------------------------------------------------
2008-02-27 12:17:04 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-27 12:07:50 0 d-------- C:\Documents and Settings\Foulon\Application Data\AVG7
2008-02-24 16:59:17 13312 --a-s---- C:\WINDOWS\System32\wbchha.dll
2008-02-24 16:59:17 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
2008-02-24 16:59:17 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
2008-01-28 09:56:19 0 d-------- C:\Documents and Settings\Foulon\Application Data\Help
2008-01-28 09:55:25 0 d-------- C:\Documents and Settings\Foulon\Application Data\Identities
2008-01-17 13:15:01 0 d-------- C:\Documents and Settings\Foulon\Application Data\Macromedia
2008-01-17 13:15:01 0 d-------- C:\Documents and Settings\Foulon\Application Data\Adobe
2008-01-17 10:50:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-17 10:49:40 0 d-------- C:\Program Files\ANI
2008-01-17 10:49:30 0 d-------- C:\Program Files\Fichiers communs\InstallShield
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}]
27/02/2008 10:50 12800 --a------ C:\Program Files\Helper\1204105810.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
27/02/2008 10:56 9728 --a------ C:\Program Files\NetProject\sbmdl.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [17/02/2006 10:40]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 15:35]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [01/06/2006 10:22]
"nwiz"="nwiz.exe" [01/06/2006 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [01/06/2006 10:22 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [10/12/2004 11:49]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [22/07/2005 10:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [16/12/2004 17:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [24/04/2003 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [20/08/2002 15:08]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\NetProject\scit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"= C:\WINDOWS\System32\wbchha.dll [24/02/2008 16:59 13312]
-- End of Deckard's System Scanner: finished at 2008-03-12 19:08:11 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 1.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1022.48 MiB / 699.11 MiB
Pagefile Memory (total/avail): 2461.61 MiB / 2098.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.05 MiB
C: is Fixed (NTFS) - 149.04 GiB total, 130.96 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (FAT)
\\.\PHYSICALDRIVE0 - ST3160811AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 149.04 GiB - C:
\\.\PHYSICALDRIVE5 - CBM2080 Flash Disk USB Device - 494.19 MiB - 1 partition
\PARTITION0 (bootable) - Win95 avec Inter. 13 étendue - 494.97 MiB - I:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Foulon\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=MAISON
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Foulon
LOGONSERVER=\\MAISON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Foulon\LOCALS~1\Temp
TMP=C:\DOCUME~1\Foulon\LOCALS~1\Temp
USERDOMAIN=MAISON
USERNAME=Foulon
USERPROFILE=C:\Documents and Settings\Foulon
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Foulon (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AirPlus G --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l1036
ANIO Service --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Blade Runner --> C:\WESTWOOD\BLADE\UNINSTBR.EXE C:\WINDOWS\UNIN040C.EXE -fC:\WESTWOOD\BLADE\DeIsL1.isu
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP DeskJet Serie 710C (Supprimer uniquement) --> C:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall
Internet Service --> "C:\Program Files\NetProject\scu.exe"
La Malédiction de Judas --> "C:\Program Files\Micro Application\La Malédiction de Judas\unins000.exe"
Les Sims 2 --> C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims 2 : La bonne affaire --> C:\Program Files\EA GAMES\Les Sims 2 La bonne affaire\EAUninstall.exe
Les Sims™ 2 Kit Glamour --> C:\Program Files\EA GAMES\Les Sims 2 Kit Glamour\EAUninstall.exe
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Multimedia Card Reader --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
Nero Suite --> C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
Web Application --> "C:\Program Files\NetProject\waun.exe"
Windows Safety Alert --> C:\Documents and Settings\Foulon\Local Settings\Temp\zfe1.exe /del
-- Application Event Log -------------------------------------------------------
Event Record #/Type209 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type208 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type207 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type206 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type205 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x2
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type5380 / Error
Event Submitted/Written: 03/12/2008 07:04:26 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Délai (30000 millisecondes) d'attente pour une réponse du service à une transaction.
Event Record #/Type5371 / Error
Event Submitted/Written: 03/12/2008 07:04:13 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Délai (30000 millisecondes) d'attente pour une réponse du service sdCoreService à une transaction.
Event Record #/Type5368 / Error
Event Submitted/Written: 03/12/2008 07:04:13 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Délai (30000 millisecondes) d'attente pour une réponse du service sdCoreService à une transaction.
Event Record #/Type5350 / Warning
Event Submitted/Written: 03/12/2008 05:10:43 PM
Event ID/Source: 8021 / BROWSER
Event Description:
L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\FOULON-5JDKPADX sur le réseau \Device\NetBT_Tcpip_{3021761D-79BC-4948-A0E6-87336B7547A2}.
La donnée est le code d'erreur.
Event Record #/Type5347 / Error
Event Submitted/Written: 03/12/2008 04:46:07 PM
Event ID/Source: 31012 / ipnathlp
Event Description:
L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale
des serveurs de résolution de noms.
Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local.
La donnée est le code de l'erreur.
-- End of Deckard's System Scanner: finished at 2008-03-12 19:08:11 ------------
Thanks in advance for your help!!
Regards
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6008 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R2 HPFECP13 - c:\windows\system32\drivers\hpfecp13.sys
R3 SunkFilt (Alcor Micro Corp Reader) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ForceWare Intelligent Application Manager (IAM) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcappflt.exe <Not Verified; ; app_filter Module>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 nSvcLog (ForceWare user log service) - c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe <Not Verified; NVIDIA; NVIDIA nSvcLog>
S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Alpha Networks Inc.; ANIWZCS2 Service Launcher (NT)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&2806F0ED&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&2806F0ED&0&01
Service: NVENETFD
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Parallel Device
Device ID: ROOT\LEGACY_HPFECP13\0000
Manufacturer:
Name: Parallel Device
PNP Device ID: ROOT\LEGACY_HPFECP13\0000
Service: HPFECP13
-- Files created between 2008-02-12 and 2008-03-12 -----------------------------
2008-03-12 19:06:15 0 d-------- C:\Program Files\Trend Micro
2008-03-12 19:05:29 1810 --a------ C:\WINDOWS\System32\tmp.reg
2008-03-12 19:05:06 86528 --a------ C:\WINDOWS\System32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-12 19:05:05 25600 --a------ C:\WINDOWS\System32\WS2Fix.exe
2008-03-12 19:05:05 289144 --a------ C:\WINDOWS\System32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-12 19:05:05 288417 --a------ C:\WINDOWS\System32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-12 19:05:05 53248 --a------ C:\WINDOWS\System32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-12 19:05:05 82432 --a------ C:\WINDOWS\System32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-12 19:05:05 51200 --a------ C:\WINDOWS\System32\dumphive.exe
2008-03-12 18:17:28 0 d-------- C:\Program Files\Spyware Doctor
2008-03-12 16:39:45 0 d-------- C:\Program Files\Micro Application
2008-03-02 14:13:53 0 d-------- C:\WINDOWS\System32\PreInstall
2008-03-02 14:13:51 0 d--h----- C:\WINDOWS\$hf_mig$
2008-02-28 09:06:24 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
2008-02-27 12:17:04 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-02-27 12:06:46 0 d-------- C:\Program Files\Alwil Software
2008-02-27 11:36:21 0 dr-h----- C:\$VAULT$.AVG
2008-02-27 10:50:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 10:50:33 0 d-------- C:\Program Files\VirusHeat 4.3
2008-02-27 10:50:10 0 d-------- C:\Program Files\Helper
2008-02-27 10:50:05 0 d-------- C:\Program Files\NetProject
-- Find3M Report ---------------------------------------------------------------
2008-02-27 12:17:04 0 d--h----- C:\Program Files\WindowsUpdate
2008-02-27 12:07:50 0 d-------- C:\Documents and Settings\Foulon\Application Data\AVG7
2008-02-24 16:59:17 13312 --a-s---- C:\WINDOWS\System32\wbchha.dll
2008-02-24 16:59:17 367658 --a------ C:\WINDOWS\System32\perfh00C.dat
2008-02-24 16:59:17 48616 --a------ C:\WINDOWS\System32\perfc00C.dat
2008-01-28 09:56:19 0 d-------- C:\Documents and Settings\Foulon\Application Data\Help
2008-01-28 09:55:25 0 d-------- C:\Documents and Settings\Foulon\Application Data\Identities
2008-01-17 13:15:01 0 d-------- C:\Documents and Settings\Foulon\Application Data\Macromedia
2008-01-17 13:15:01 0 d-------- C:\Documents and Settings\Foulon\Application Data\Adobe
2008-01-17 10:50:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-17 10:49:40 0 d-------- C:\Program Files\ANI
2008-01-17 10:49:30 0 d-------- C:\Program Files\Fichiers communs\InstallShield
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3D76B96-30B9-4DCC-9B3D-D12E31280D29}]
27/02/2008 10:50 12800 --a------ C:\Program Files\Helper\1204105810.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
27/02/2008 10:56 9728 --a------ C:\Program Files\NetProject\sbmdl.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"= C:\Program Files\NetProject\wamdl.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{81705D67-3F73-4983-859B-97D0922E5ABE}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [17/02/2006 10:40]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27/10/2004 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20/05/2005 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/09/2005 15:35]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [01/06/2006 10:22]
"nwiz"="nwiz.exe" [01/06/2006 10:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [01/06/2006 10:22 C:\WINDOWS\system32\nvmctray.dll]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [10/12/2004 11:49]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [22/07/2005 10:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [16/12/2004 17:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [24/04/2003 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [20/08/2002 15:08]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\NetProject\scit.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"= C:\WINDOWS\System32\wbchha.dll [24/02/2008 16:59 13312]
-- End of Deckard's System Scanner: finished at 2008-03-12 19:08:11 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Édition familiale (build 2600) SP 1.0
Architecture: X86; Language: French
CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1022.48 MiB / 699.11 MiB
Pagefile Memory (total/avail): 2461.61 MiB / 2098.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.05 MiB
C: is Fixed (NTFS) - 149.04 GiB total, 130.96 GiB free.
D: is CDROM (CDFS)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (FAT)
\\.\PHYSICALDRIVE0 - ST3160811AS - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 149.04 GiB - C:
\\.\PHYSICALDRIVE5 - CBM2080 Flash Disk USB Device - 494.19 MiB - 1 partition
\PARTITION0 (bootable) - Win95 avec Inter. 13 étendue - 494.97 MiB - I:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Foulon\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=MAISON
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Foulon
LOGONSERVER=\\MAISON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Foulon\LOCALS~1\Temp
TMP=C:\DOCUME~1\Foulon\LOCALS~1\Temp
USERDOMAIN=MAISON
USERNAME=Foulon
USERPROFILE=C:\Documents and Settings\Foulon
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Foulon (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
AirPlus G --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0EA44599-1E9D-4517-A088-9588A9FAB211} /l1036
ANIO Service --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Blade Runner --> C:\WESTWOOD\BLADE\UNINSTBR.EXE C:\WINDOWS\UNIN040C.EXE -fC:\WESTWOOD\BLADE\DeIsL1.isu
Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP DeskJet Serie 710C (Supprimer uniquement) --> C:\Program Files\HP DeskJet 710C Series\hpfiui.exe -c -vdivid=HPF -vpnum=13 -vproduct=710C -huninstall
Internet Service --> "C:\Program Files\NetProject\scu.exe"
La Malédiction de Judas --> "C:\Program Files\Micro Application\La Malédiction de Judas\unins000.exe"
Les Sims 2 --> C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims 2 : La bonne affaire --> C:\Program Files\EA GAMES\Les Sims 2 La bonne affaire\EAUninstall.exe
Les Sims™ 2 Kit Glamour --> C:\Program Files\EA GAMES\Les Sims 2 Kit Glamour\EAUninstall.exe
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Multimedia Card Reader --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{CA529363-D0F2-41EA-B44B-D7515A254645}
Nero Suite --> C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\System32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
Secure Browsing --> "C:\Program Files\NetProject\sbun.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
Web Application --> "C:\Program Files\NetProject\waun.exe"
Windows Safety Alert --> C:\Documents and Settings\Foulon\Local Settings\Temp\zfe1.exe /del
-- Application Event Log -------------------------------------------------------
Event Record #/Type209 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type208 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type207 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type206 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x8ca
Event Record #/Type205 / Error
Event Submitted/Written: 03/12/2008 07:07:51 PM
Event ID/Source: 8 / crypt32
Event Description:
Échec de la récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> avec l'erreur : 0x2
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type5380 / Error
Event Submitted/Written: 03/12/2008 07:04:26 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Délai (30000 millisecondes) d'attente pour une réponse du service à une transaction.
Event Record #/Type5371 / Error
Event Submitted/Written: 03/12/2008 07:04:13 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Délai (30000 millisecondes) d'attente pour une réponse du service sdCoreService à une transaction.
Event Record #/Type5368 / Error
Event Submitted/Written: 03/12/2008 07:04:13 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Délai (30000 millisecondes) d'attente pour une réponse du service sdCoreService à une transaction.
Event Record #/Type5350 / Warning
Event Submitted/Written: 03/12/2008 05:10:43 PM
Event ID/Source: 8021 / BROWSER
Event Description:
L'explorateur n'a pas pu retrouver la liste des serveurs du maître explorateur \\FOULON-5JDKPADX sur le réseau \Device\NetBT_Tcpip_{3021761D-79BC-4948-A0E6-87336B7547A2}.
La donnée est le code d'erreur.
Event Record #/Type5347 / Error
Event Submitted/Written: 03/12/2008 04:46:07 PM
Event ID/Source: 31012 / ipnathlp
Event Description:
L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale
des serveurs de résolution de noms.
Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local.
La donnée est le code de l'erreur.
-- End of Deckard's System Scanner: finished at 2008-03-12 19:08:11 ------------
Thanks in advance for your help!!
Regards
1 reply
Well, I'm on XP, but I managed to tame the beast...
First, safe mode (if you can; I know of malware that blocks that mode...)
Then:
1) Delete the Program Files\NetProject directory
2) Launch Regedit.exe (Start - Run - Regedit.exe)
3) Search regedit for these three words: sbmntr, sbsm, scit.exe
4) Delete the registry entries for those words
5) In the Documents and Settings\XX(user name)\Local Settings\temp directory, delete zfe1.exe (or zfe2)
6) In Add/Remove Programs, uninstall Web Application and System Alert (the names may vary)
7) Reboot
All of these operations must be carried out offline.
It worked for me. Just in case, re-check for the presence of the NetProject directory, and with Ctrl-Alt-Del check that sbmntr.exe, sbsm.exe and scit.exe aren't there.
If no more messages appear once you reconnect, then it's fixed.
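Written from the defender's side, as an added example that is not code from this thread or its poster: a small Python triage of HijackThis-style lines that flags the indicators the logs and the reply above name (the NetProject directory, the Helper BHO, wbchha.dll, the zfe dropper, scit.exe) and lists the local files to delete or re-check after the manual steps. The sample lines are copied from the log posted above; the extra heuristics (unnamed BHOs, any O22 entry) are my own assumption, not something the thread states.

```python
"""Triage of HijackThis-style log lines for the NetProject / VirusHeat rogue
discussed in this thread (added example, not code from the original post)."""
import re
from dataclasses import dataclass

# Indicators taken from the thread's HijackThis/DSS logs and the reply's
# removal steps; compared case-insensitively against each log line.
SUSPICIOUS_PATH_FRAGMENTS = (
    "\\netproject\\",               # sbmdl.dll, wamdl.dll, scit.exe live here
    "\\helper\\1204105810.dll",     # "e404 helper" BHO
    "\\antispywareshield\\",        # rogue anti-spyware autorun (HKCU Run)
    "\\wbchha.dll",                 # SharedTaskScheduler DLL (O22 in the log)
    "\\local settings\\temp\\zfe",  # zfe1.exe / zfe2.exe ("Windows Safety Alert")
    "explorertool.net",             # O9 button redirect
)
SUSPICIOUS_NAMES = ("sbmntr", "sbsm", "scit.exe")  # names the reply says to search for

HJT_LINE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
WIN_PATH = re.compile(r"([a-z]:\\.*?\.(?:exe|dll|ocx))", re.IGNORECASE)

# Sample input: lines copied from the HijackThis log posted above, plus two
# legitimate avast! entries that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\1204105810.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\System32\wbchha.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    line: str     # the original log line
    reason: str   # why it was flagged

def triage(log_text: str) -> list[Finding]:
    """One Finding per line that matches a thread indicator, or (my own
    heuristics, not from the thread) is an unnamed BHO or any O22 entry."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2).lower()
        hit = next((p for p in SUSPICIOUS_PATH_FRAGMENTS if p in body), None)
        if hit is None:
            hit = next((n for n in SUSPICIOUS_NAMES if n in body), None)
        if hit is not None:
            findings.append(Finding(section, line, f"matches indicator {hit!r}"))
        elif section == "O2" and "(no name)" in body:
            findings.append(Finding(section, line, "unnamed BHO: verify the DLL"))
        elif section == "O22":
            findings.append(Finding(section, line, "SharedTaskScheduler: verify the DLL"))
    return findings

def artifacts(findings: list[Finding]) -> list[str]:
    """Local file paths named by the flagged lines (lower-cased, sorted): the
    files to delete or re-check after following the reply's manual steps."""
    matches = (WIN_PATH.search(f.line) for f in findings)
    return sorted({m.group(1).lower() for m in matches if m})
```

Running `triage(SAMPLE_LOG)` on the sample flags the six rogue entries and leaves both avast! lines alone; `artifacts()` then yields the five local files the reply tells you to remove or re-check.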