Viruses!

Closed
Gstr. - 8 April 2008 at 08:26
g!rly Posts: 18209 Registration date: Friday 17 August 2007 Status: Contributor Last activity: 30 November 2014 - 13 May 2008 at 23:21
Hello,
I have a few infected files in the System Volume Information folder; here is the smd report

SmitFraudFix v2.309

Rapport fait à 8:21:16.03, 2008-04-08
Executé à partir de C:\Documents and Settings\Sofiane\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\DRWEBSCD.EXE
C:\PROGRA~1\DrWeb\spiderui.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sofiane


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sofiane\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sofiane\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADEC0FA4-869F-4920-9B12-777E894C1048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4DDBA3B-CE2C-4AA4-84FC-18AACEACC1CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADEC0FA4-869F-4920-9B12-777E894C1048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4DDBA3B-CE2C-4AA4-84FC-18AACEACC1CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADEC0FA4-869F-4920-9B12-777E894C1048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B4DDBA3B-CE2C-4AA4-84FC-18AACEACC1CC}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

33 replies

g!rly
8 April 2008 at 09:32
Hi,

Do this:

Reset your hosts file:

http://siri.urz.free.fr/RHosts.php

then

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installation tutorial: (thanks to Balltrap34 for making it)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (thanks to Balltrap34 for making it)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post the generated report here, please...

See you,
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57, on 2008-04-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DrWeb\spiderml.exe
C:\Program Files\DrWeb\DRWEBSCD.EXE
C:\PROGRA~1\DrWeb\spiderui.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66006
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lstard.stormcorp.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SpIDerMail] "C:\Program Files\DrWeb\spiderml.exe"
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Readme user] C:\DOCUME~1\Sofiane\APPLIC~1\Mp3sendbash\SPAMCHIC.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b6e4110cc42a478ba9e04ab848ece780
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b6e4110cc42a478ba9e04ab848ece780
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
0
g!rly
8 April 2008 at 17:06
Hi again,

Update IE even if you browse with Firefox:

Internet Explorer 6.0 = serious security flaws

so run the Windows updates: you want version 7.0

https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70

then

look at this tutorial to update your Java console:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

and

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts scanning the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

+ a new HijackThis report

See you,
0
Here is the report:

ComboFix 08-04-07.5 - Sofiane 2008-04-08 17:32:23.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.12 [GMT 1:00]
Endroit: C:\Documents and Settings\Sofiane\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\nm
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

2008-04-07 18:52 . 2008-04-07 18:52 <REP> d-------- C:\Program Files\Windows Media Components
2008-04-07 18:46 . 2008-04-07 18:46 <REP> d-------- C:\Program Files\NRJ
2008-04-07 18:00 . 2006-06-07 03:34 10,305,280 -ra------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-04-07 18:00 . 2006-05-15 08:52 675,840 --a------ C:\WINDOWS\vsnp2std.exe
2008-04-07 18:00 . 2006-05-04 04:14 61,440 -ra------ C:\WINDOWS\vsnp2std.dll
2008-04-07 18:00 . 2005-11-23 06:55 53,248 -ra------ C:\WINDOWS\system32\csnp2std.dll
2008-04-07 18:00 . 2006-04-27 13:43 24,832 -ra------ C:\WINDOWS\system32\drivers\sncamd.sys
2008-04-07 18:00 . 2004-12-09 10:23 13,022 -ra------ C:\WINDOWS\snp2std.src
2008-03-30 15:58 . 2008-03-30 16:10 <REP> d-------- C:\Documents and Settings\Sofiane\DoctorWeb
2008-03-30 15:53 . 2008-03-30 15:53 77,824 --a----t- C:\WINDOWS\system32\DRWEBSP.DLL
2008-03-30 15:52 . 2008-04-08 16:53 <REP> d-------- C:\Program Files\DrWeb
2008-03-30 15:38 . 2008-03-30 15:38 <REP> d-------- C:\Documents and Settings\Sofiane\Application Data\InstallShield
2008-03-24 17:21 . 2008-03-24 17:21 <REP> d--hs---- C:\found.000
2008-03-21 07:47 . 2008-03-21 07:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Meow Intra Bait Face
2008-03-21 07:45 . 2008-03-21 07:45 <REP> d-------- C:\Program Files\Mp3sendbash
2008-03-21 07:43 . 2008-04-01 18:24 <REP> d-------- C:\Program Files\Circle Developement
2008-03-16 20:00 . 2008-03-16 20:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-16 20:00 . 2008-03-17 07:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 19:46 . 2007-04-16 16:53 1,049,600 --a------ C:\WINDOWS\system32\AAK.dll
2008-03-16 19:46 . 2004-08-04 01:54 685,056 --a------ C:\WINDOWS\system32\AAD.DLL
2008-03-16 19:46 . 2004-08-04 01:54 23,040 --a------ C:\WINDOWS\system32\AAP.DLL
2008-03-16 19:45 . 2008-04-07 20:33 <REP> d-------- C:\Program Files\Adware Away
2008-03-16 19:45 . 2008-03-29 18:19 255 --a------ C:\WINDOWS\system32\ad_away.lic
2008-03-15 06:45 . 2008-03-15 06:45 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 14:45 --------- d-----w C:\Program Files\Crawler
2008-04-08 07:46 --------- d-----w C:\Documents and Settings\Sofiane\Application Data\vmntoolbar
2008-04-07 19:33 --------- d-----w C:\Documents and Settings\Sofiane\Application Data\Mp3sendbash
2008-04-07 16:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-21 06:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-12 15:17 --------- d-----w C:\Program Files\NetBattle
2008-02-28 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-27 08:07 7,291 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-27 08:07 52,532 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-27 08:07 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-27 07:29 --------- d-----w C:\Program Files\TGTSoft
2008-02-27 06:42 --------- d-----w C:\Program Files\eMule
2008-02-20 15:21 --------- d-----w C:\Documents and Settings\Sofiane\Application Data\OmniPokedex
2006-12-25 13:19 117 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2006-12-25 13:19 117 ----a-w C:\Documents and Settings\Sofiane\user.bat
2006-12-25 13:19 117 ----a-w C:\Documents and Settings\Default User\user.bat
.

((((((((((((((((((((((((((((( snapshot@2008-03-14_18.44.59.49 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVAgent WiFi"="C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe" [2005-04-12 19:44 905216]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-01 17:26 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"Readme user"="C:\DOCUME~1\Sofiane\APPLIC~1\Mp3sendbash\SPAMCHIC.exe" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [ ]
"DrWebScheduler"="C:\Program Files\DrWeb\DRWEBSCD.EXE" [2008-03-31 14:32 283888]
"SpIDerNT"="C:\PROGRA~1\DrWeb\spiderui.exe" [2008-03-31 14:32 230936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=


.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 06:49:02 C:\WINDOWS\Tasks\AEE5F8EA91926922.job"
- c:\docume~1\sofiane\applic~1\mp3sendbash\internet show date.exe
"2007-11-30 07:56:19 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

g!rly - 8 April 2008 at 18:13
Post a new HijackThis report please

See you

OK (installing the Internet Explorer 7 update doesn't work)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16, on 2008-04-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DrWeb\DRWEBSCD.EXE
C:\PROGRA~1\DrWeb\spiderui.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lstard.stormcorp.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Readme user] C:\DOCUME~1\Sofiane\APPLIC~1\Mp3sendbash\SPAMCHIC.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b6e4110cc42a478ba9e04ab848ece780
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b6e4110cc42a478ba9e04ab848ece780
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe

g!rly - 8 April 2008 at 18:27
Hi again,

You have two topics, and in the other one you were told to remove the lines showing that you have a pirated version of Windows, so no updates ;-(

Next:

Copy the text below:

folder::
C:\DOCUME~1\Sofiane\APPLIC~1\Mp3sendbash

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Readme user"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will restart Combofix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no restart, post the reports anyway.

See you

ComboFix 08-04-07.5 - Sofiane 2008-04-08 18:34:50.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.12 [GMT 1:00]
Endroit: C:\Documents and Settings\Sofiane\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sofiane\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active


AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Sofiane\APPLIC~1\Mp3sendbash
C:\DOCUME~1\Sofiane\APPLIC~1\Mp3sendbash\0
C:\DOCUME~1\Sofiane\APPLIC~1\Mp3sendbash\Hole One Bend License.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\nm
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((((((( Fichiers créés 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
.

2008-04-07 18:52 . 2008-04-07 18:52 <REP> d-------- C:\Program Files\Windows Media Components
2008-04-07 18:46 . 2008-04-07 18:46 <REP> d-------- C:\Program Files\NRJ
2008-04-07 18:00 . 2006-06-07 03:34 10,305,280 -ra------ C:\WINDOWS\system32\drivers\snp2sxp.sys
2008-04-07 18:00 . 2006-05-04 04:14 61,440 -ra------ C:\WINDOWS\vsnp2std.dll
2008-04-07 18:00 . 2005-11-23 06:55 53,248 -ra------ C:\WINDOWS\system32\csnp2std.dll
2008-04-07 18:00 . 2006-04-27 13:43 24,832 -ra------ C:\WINDOWS\system32\drivers\sncamd.sys
2008-04-07 18:00 . 2004-12-09 10:23 13,022 -ra------ C:\WINDOWS\snp2std.src
2008-03-30 15:58 . 2008-03-30 16:10 <REP> d-------- C:\Documents and Settings\Sofiane\DoctorWeb
2008-03-30 15:53 . 2008-03-30 15:53 77,824 --a----t- C:\WINDOWS\system32\DRWEBSP.DLL
2008-03-30 15:52 . 2008-04-08 18:41 <REP> d-------- C:\Program Files\DrWeb
2008-03-30 15:38 . 2008-03-30 15:38 <REP> d-------- C:\Documents and Settings\Sofiane\Application Data\InstallShield
2008-03-24 17:21 . 2008-03-24 17:21 <REP> d--hs---- C:\found.000
2008-03-21 07:47 . 2008-03-21 07:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Meow Intra Bait Face
2008-03-21 07:45 . 2008-03-21 07:45 <REP> d-------- C:\Program Files\Mp3sendbash
2008-03-21 07:43 . 2008-04-01 18:24 <REP> d-------- C:\Program Files\Circle Developement
2008-03-16 20:00 . 2008-03-16 20:02 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-16 20:00 . 2008-03-17 07:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 19:46 . 2007-04-16 16:53 1,049,600 --a------ C:\WINDOWS\system32\AAK.dll
2008-03-16 19:46 . 2004-08-04 01:54 685,056 --a------ C:\WINDOWS\system32\AAD.DLL
2008-03-16 19:46 . 2004-08-04 01:54 23,040 --a------ C:\WINDOWS\system32\AAP.DLL
2008-03-16 19:45 . 2008-04-07 20:33 <REP> d-------- C:\Program Files\Adware Away
2008-03-16 19:45 . 2008-03-29 18:19 255 --a------ C:\WINDOWS\system32\ad_away.lic
2008-03-15 06:45 . 2008-03-15 06:45 <REP> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 14:45 --------- d-----w C:\Program Files\Crawler
2008-04-08 07:46 --------- d-----w C:\Documents and Settings\Sofiane\Application Data\vmntoolbar
2008-04-07 16:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 14:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-21 06:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-12 15:17 --------- d-----w C:\Program Files\NetBattle
2008-02-28 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-27 08:07 7,291 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-27 08:07 52,532 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-02-27 07:29 --------- d-----w C:\Program Files\TGTSoft
2008-02-27 06:42 --------- d-----w C:\Program Files\eMule
2008-02-20 15:21 --------- d-----w C:\Documents and Settings\Sofiane\Application Data\OmniPokedex
2006-12-25 13:19 117 ----a-w C:\WINDOWS\system32\config\systemprofile\user.bat
2006-12-25 13:19 117 ----a-w C:\Documents and Settings\Sofiane\user.bat
2006-12-25 13:19 117 ----a-w C:\Documents and Settings\Default User\user.bat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVAgent WiFi"="C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe" [2005-04-12 19:44 905216]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-01 17:26 171448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [ ]
"DrWebScheduler"="C:\Program Files\DrWeb\DRWEBSCD.EXE" [2008-03-31 14:32 283888]
"SpIDerNT"="C:\PROGRA~1\DrWeb\spiderui.exe" [2008-03-31 14:32 230936]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-04 01:37 44544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=


*Newly Created Service* - PCANDIS5
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-21 06:49:02 C:\WINDOWS\Tasks\AEE5F8EA91926922.job"
- c:\docume~1\sofiane\applic~1\mp3sendbash\internet show date.exe
"2007-11-30 07:56:19 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Hijack this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51, on 2008-04-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DrWeb\DRWEBSCD.EXE
C:\PROGRA~1\DrWeb\spiderui.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lstard.stormcorp.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b6e4110cc42a478ba9e04ab848ece780
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b6e4110cc42a478ba9e04ab848ece780
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe

g!rly - 8 April 2008 at 19:57
Am I talking for nothing?

Why don't you update IE as well as Java?

Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once updated, the program will start; click the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click the Scan tab and tick the box: "Perform a full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click Remove Selected.

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report please.

See you

The IE update doesn't work, I have a pirated version of Windows. And the Java download link doesn't work either, I think

g!rly - 9 April 2008 at 17:40
OK ;-(

Run Malwarebytes then

See you

39 infected items I think, here is the report:

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 603

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 55541
Temps écoulé: 14 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 32

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{9b3b6152-725c-423f-8fd5-90e4fb67d33c} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3a14dc54-d801-419c-9c44-b9982d9a949b} (Rogue.AdwareAway) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware away v2.2.8.9_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\backup (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{4035E095-9038-4B88-8638-CE4434166468}\RP19\A0029193.drv (Adware.Winad) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ab_old.reg (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\activex.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.chm (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\autorun.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\Customize.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EProcess.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\fa.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\FixForV8.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\global.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\hosts.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\iebhotoolbar.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\iedlls.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\iepage.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ierestriction.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ietoolbarbutton.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ieurlprefix.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ieurlsearchhook.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\keylogger.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\LSP.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\OtherNormal.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\overall.log (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\piracy.txt (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\process.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\service.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\sharedresource.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\shellextensions.tmp (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\sporder.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sofiane\Bureau\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.

g!rly - 9 April 2008 at 18:36
OK

Post a new HijackThis report please

See you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41, on 2008-04-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\DrWeb\spidernt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DrWeb\DRWEBSCD.EXE
C:\PROGRA~1\DrWeb\spiderui.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://lstard.stormcorp.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\vmntoolbar\vmntoolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [DrWebScheduler] "C:\Program Files\DrWeb\DRWEBSCD.EXE"
O4 - HKLM\..\Run: [SpIDerNT] C:\PROGRA~1\DrWeb\spiderui.exe /agent
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b6e4110cc42a478ba9e04ab848ece780
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b6e4110cc42a478ba9e04ab848ece780
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{27A519F5-D9E1-4EBF-BF75-43B4CD217688}: NameServer = 192.168.1.1
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SpIDer Guard for Windows (SPIDERNT) - Doctor Web, Ltd. - C:\PROGRA~1\DrWeb\spidernt.exe
0
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe: Spybot says this is a dangerous item
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
9 April 2008 at 19:17
Hi again,

What does it tell you?

See you later
0
It only says that
0
It is in my WINDOWS folder, and when I open it nothing happens, and I can't put it in my recycle bin.

It got installed on my computer because of a webcam's installation CD.
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
9 April 2008 at 19:39
Well yes, but do you still have the webcam?
0
Yes
0
These files too, I forgot. They are viruses, also from the webcam's installation CD.

C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
0