TR/Dldr.PurityScan.FKRésolu/Fermé

Question

Bonjour,
j ai une ami qui a un versa c200 qui etait infecter par enormement de virus je lui ai mis antivir et j ai reussit a a enlever la plupart m en reste un le TR/Dldr.PurityScan.FK.
j ai mis spybot et j ai reparer les erreurs ainsi que ccleaner
en faisant ctrl alt sup j arrive a arreter le processus mais je n arrive pas a l effacer de l endroit ou il se situe, le trouve pas
j ai bien entendu desactiver la restauration du systeme et j ai afficher les fichiers cacher ainsi que decocher masquer les extensions des fichiers dont le type est connu ainsi que masquer les fichiers du systeme d exploitation
je ne peut bien sur pas formater car le lecteur interne est casser, et je n arrive pas a le faire booter sur un lecteur externe(rien trouver dans le bios).
en gros j ai des fenetre ie qui s ouvres seules alors que j uttilise mozzilla et j ai le mess d erreurs msconfig a rencontrer une erreur et doit fermer

je vous joins le log de hijack si vous pouvez me dire koi fixer 
merci

 Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\icon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1766989A-510F-2CAA-0266-5D00B9BB8ECE} - (no file)
O2 - BHO: (no name) - {23F0A429-DB9E-41FC-8511-1F531096CB0D} - (no file)
O2 - BHO: (no name) - {2860C741-8F63-45DA-B029-2B4B148AC499} - (no file)
O2 - BHO: (no name) - {336D6BAD-0171-4506-BAB2-7166B7961658} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A123CA27-1F96-489A-A590-02345BF66B52} - (no file)
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O2 - BHO: 0 - {DEB44A43-7F2B-4932-1F97-C411523C075B} - (no file)
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lavxnezd] C:\WINDOWS\??pPatch\m?config.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

slt,



Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

_________

recolle un hijackthis et un rapport antivir

lankhmar · Answer

bon voila ComboFix 08-04-10.9 - princess 2008-04-11 16:53:23.1 - NTFSx86 Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\princess\Application Data\SKS~1 C:\Documents and Settings\princess\Application Data\SKS~1\??sks\ C:\Program Files\outerinfo C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\Temp\isgTi19 C:\Temp\isgTi19\lPig.log C:\WINDOWS\cookies.ini C:\WINDOWS\ppatch~1 C:\WINDOWS\ppatch~1\m?config.exe C:\WINDOWS\pskt.ini C:\WINDOWS\system32\dp1 C:\WINDOWS\system32\edqpvpti.ini C:\WINDOWS\system32\euouxwij.dllbox C:\WINDOWS\system32\feq9 C:\WINDOWS\system32\gtkfjybt.ini C:\WINDOWS\system32\iuvgrugj.ini C:\WINDOWS\system32\jhwmsete.ini C:\WINDOWS\system32\lbgsmabj.ini C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32 Gpxx01 C:\WINDOWS\system32 qrqr.ini C:\WINDOWS\system32 qrqr.ini2 C:\WINDOWS\system32\O13 C:\WINDOWS\system32\O13\CT\Icon.exe C:\WINDOWS\system32\O13\CT\MXKEYBD.DLL C:\WINDOWS\system32\O13\CT\Same.exe C:\WINDOWS\system32\O13\CT\SETUP.exe C:\WINDOWS\system32\O13\CT\STDSB.exe C:\WINDOWS\system32\O13\CT\STDSB.inf C:\WINDOWS\system32\O13\CT\STDSB.sys C:\WINDOWS\system32\O13\CT\UN4SB.bat C:\WINDOWS\system32\O13\CT\UNSTDSB.exe C:\WINDOWS\system32\O13\CT\WinIo.dll C:\WINDOWS\system32\O13\CT\WinIo.sys C:\WINDOWS\system32\O13\CT\wireless.exe C:\WINDOWS\system32\O13\CT\WL.exe C:\WINDOWS\system32\O13\Pictures\CG13.ico C:\WINDOWS\system32\O13\Pictures\CG13.jpg C:\WINDOWS\system32\O13\Pictures\Oeminfo.ini C:\WINDOWS\system32\O13\Pictures\oemlogo.bmp C:\WINDOWS\system32\O13\Pictures\oemlogo.jpg C:\WINDOWS\system32\O13\Pictures\wallpaper_O13.bmp C:\WINDOWS\system32\olfgqcil.dllbox C:\WINDOWS\system32\oveahiti.ini C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\povufvgp.ini C:\WINDOWS\system32 rgfeqdp.ini C:\WINDOWS\system32\ucdnprlk.ini C:\WINDOWS\system32\vdjxlrim.ini C:\WINDOWS\system32\whptafqs.dllbox C:\WINDOWS\system32\winio.dll C:\WINDOWS\system32\wl.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CMDSERVICE -------\Legacy_NETWORK_MONITOR ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))))))) . 2008-04-11 16:51 . 2008-04-11 16:51 d-------- C:\ComboFix 2008-04-11 15:05 . 2008-04-11 15:05 d-------- C:\Program Files\Trend Micro 2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat 2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini 2008-04-10 17:18 . 2008-04-10 17:19 d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-10 17:18 . 2008-04-10 18:48 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm 2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm 2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm 2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm 2008-04-09 11:50 . 2008-04-09 11:50 d-------- C:\Program Files\CCleaner 2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm 2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm 2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS sreg.dat 2008-04-08 15:36 . 2008-04-08 15:36 d-------- C:\Program Files\Avira 2008-04-08 15:36 . 2008-04-08 15:36 d-------- C:\Documents and Settings\All Users\Application Data\Avira . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-11 15:02 --------- d-----w C:\Program Files\Wanadoo 2008-04-11 11:22 --------- d-----w C:\Program Files\winvi 2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player 2008-04-08 13:49 --------- d-----w C:\Program Files\DivX 2008-04-08 13:49 --------- d-----w C:\Program Files\dbar 2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8} 2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7 2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe 2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}] 2007-11-14 15:36 1486848 --a------ C:\Program Files\dbar\Deskbar.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "Lavxnezd"="C:\WINDOWS\??pPatch\m?config.exe" [ ] "WebSUpdater"="C:\Program Files\winvi\wupda.exe" [2008-02-28 01:55 198185] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672] "SoundMan"="SOUNDMAN.EXE" [2003-01-07 17:09 46592 C:\WINDOWS\soundman.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152] "icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-05-17 16:02 180269] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\byxxust] byxxust.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\olfgqcil] olfgqcil.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=MsgPlusLoader.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] --a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL] C:\WINDOWS\system32\WL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "C:\Program Files\uTorrent\utorrent.exe"= "C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"= "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41] R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52] R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47] R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24] S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37] S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] *Newly Created Service* - ZDPNDIS5 . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-11 17:00:43 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\FTRTSVC.exe C:\WINDOWS\system32 undll32.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe . ************************************************************************** . Temps d'accomplissement: 2008-04-11 17:06:12 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-11 15:05:54 Pre-Run: 25,474,080,768 octets libres Post-Run: 25,389,268,992 octets libres . 2008-04-09 17:32:39 --- E O F ---

jlpjlp · Answer

recolle un hijackthis et un antivir

a plus

lankhmar · Answer

bonjour

bn apres combo fix j ai eu un autre virus detecter par antivir qui n ai plus revenu apres le scan
sinon maintenant j ai un message d erreur concernant icon.exe qui dit qu il ne retrouve pas winio.dll, je crois que ca viens du port parrallele j ai trouver un site ou je peut la telecharger apres je doit la placer dans c/windows:system32?

voila mon rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

ok



Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked". 


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)


__________________



pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


_____________________




Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :






File::
C:\Program Files\dbar\Deskbar.dll
C:\WINDOWS\??pPatch\m?config.exe
C:\Program Files\winvi\wupda.exe





Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\byxxust]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\olfgqcil]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lavxnezd"=-  
"WebSUpdater"=-



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


_________________

colle un rapport antivir
_________________

si ton pb  winio.dll persiste, telecharge et mets le dans sytem 32

http://www.dlldll.com/winio.dll_download.html

lankhmar · Answer

re rapport combofix ComboFix 08-04-10.9 - princess 2008-04-12 18:16:10.4 - NTFSx86 Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe Command switches used :: C:\Documents and Settings\princess\Bureau\CFscript.txt * Création d'un nouveau point de restauration FILE :: C:\Program Files\dbar\deskbar.dll C:\Program Files\dbar\Deskbar.dll C:\Program Files\winvi\wupda.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\dbar\deskbar.dll C:\Program Files\winvi\wupda.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))))))) . 2008-04-11 16:51 . 2008-04-11 16:51 d-------- C:\ComboFix 2008-04-11 15:05 . 2008-04-11 15:05 d-------- C:\Program Files\Trend Micro 2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat 2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini 2008-04-10 17:18 . 2008-04-10 17:19 d-------- C:\Program Files\Spybot - Search & Destroy 2008-04-10 17:18 . 2008-04-10 18:48 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm 2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm 2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm 2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm 2008-04-09 11:50 . 2008-04-09 11:50 d-------- C:\Program Files\CCleaner 2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm 2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm 2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS sreg.dat 2008-04-08 15:36 . 2008-04-08 15:36 d-------- C:\Program Files\Avira 2008-04-08 15:36 . 2008-04-08 15:36 d-------- C:\Documents and Settings\All Users\Application Data\Avira . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-12 16:16 --------- d-----w C:\Program Files\winvi 2008-04-12 16:16 --------- d-----w C:\Program Files\dbar 2008-04-12 12:11 --------- d-----w C:\Program Files\Wanadoo 2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player 2008-04-08 13:49 --------- d-----w C:\Program Files\DivX 2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys 2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8} 2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll 2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft 2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7 2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe 2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152] "icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-05-17 16:02 180269] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-06-02 13:16:53 835584] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\byxxust] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\olfgqcil] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=MsgPlusLoader.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3] --a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL] C:\WINDOWS\system32\WL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41] R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52] R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47] R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24] S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37] S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35] S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [] . ************************************************************************** catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-12 18:18:55 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-04-12 18:20:16 ComboFix-quarantined-files.txt 2008-04-12 16:19:45 ComboFix2.txt 2008-04-11 15:06:14 Pre-Run: 25,377,763,328 octets libres Post-Run: 25,361,240,064 octets libres . 2008-04-09 17:32:39 --- E O F --- et hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:24, on 12/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\NMSAccessU.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\STDSB.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ? O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O20 - Winlogon Notify: byxxust - C:\WINDOWS\ O20 - Winlogon Notify: olfgqcil - C:\WINDOWS\ O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

jlpjlp · Answer

analyse ce fichier sur virus total et colle le rapport:
https://www.virustotal.com/gui/


C:\WINDOWS\system32\icon.exe 




encore des soucis????????,

lankhmar · Answer

bonjour


rapport pour icon .exe
  Fichier Icon.exe reçu le 2008.04.14 14:53:23 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 38 et 55 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email: 	
	
Antivirus 	Version 	Dernière mise à jour 	Résultat
AhnLab-V3	2008.4.12.0	2008.04.14	-
AntiVir	7.6.0.85	2008.04.14	-
Authentium	4.93.8	2008.04.13	-
Avast	4.8.1169.0	2008.04.14	-
AVG	7.5.0.516	2008.04.14	-
BitDefender	7.2	2008.04.14	-
CAT-QuickHeal	9.50	2008.04.12	-
ClamAV	0.92.1	2008.04.14	-
DrWeb	4.44.0.09170	2008.04.14	-
eSafe	7.0.15.0	2008.04.09	-
eTrust-Vet	31.3.5697	2008.04.14	-
Ewido	4.0	2008.04.14	-
F-Prot	4.4.2.54	2008.04.14	-
F-Secure	6.70.13260.0	2008.04.14	-
FileAdvisor	1	2008.04.14	-
Fortinet	3.14.0.0	2008.04.14	-
Ikarus	T3.1.1.26	2008.04.14	-
Kaspersky	7.0.0.125	2008.04.14	-
McAfee	5272	2008.04.11	-
Microsoft	1.3408	2008.04.14	-
NOD32v2	3024	2008.04.14	-
Norman	5.80.02	2008.04.12	-
Panda	9.0.0.4	2008.04.13	-
Prevx1	V2	2008.04.14	-
Rising	20.39.62.00	2008.04.13	-
Sophos	4.28.0	2008.04.14	-
Sunbelt	3.0.1041.0	2008.04.12	-
Symantec	10	2008.04.14	-
TheHacker	6.2.92.276	2008.04.12	-
VBA32	3.12.6.4	2008.04.14	-
VirusBuster	4.3.26:9	2008.04.13	-
Webwasher-Gateway	6.6.2	2008.04.14	-
Information additionnelle
File size: 204800 bytes
MD5...: 5db3adb2396042588d1df8bb01fad85a
SHA1..: f4d6b410a9e3402e13c1f4b6ae9437a90a0edc32
SHA256: ec29167e9fb58f548bc185faa8747594e96c188cf763134ef7b1b62960b6a37d
SHA512: dfbe95af5ac37c0e55a775442ff021815da47136a5e4481600b86847b671b7c4
5b11921e350002d05552fffaf8ad155d526d92eb0ab271b83964496de1476768
PEiD..: Armadillo v1.71
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x409dd7
timedatestamp.....: 0x3f40a2d8 (Mon Aug 18 09:56:40 2003)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2178b 0x22000 6.55 1b464187a58643051045351d0bf9317a
.rdata 0x23000 0x8986 0x9000 4.65 11035bfd9694b983e359485a4fc2cbb6
.data 0x2c000 0x63c8 0x3000 3.17 18856ae8a38f377e00cf3257385e7aa5
.rsrc 0x33000 0x29b8 0x3000 4.28 da29f7a7f37db0d7a7274624b4a3fa1d

( 13 imports )
> WINIO.dll: ShutdownWinIo, InitializeWinIo, GetPortVal, SetPortVal
> KERNEL32.dll: RtlUnwind, ExitProcess, GetStartupInfoA, TerminateProcess, RaiseException, HeapAlloc, GetCommandLineA, GetTickCount, FormatMessageA, SetStdHandle, GetFileType, HeapFree, HeapReAlloc, GetACP, GetTimeZoneInformation, UnhandledExceptionFilter, FreeEnvironmentStringsA, HeapSize, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, SetUnhandledExceptionFilter, GetCurrentProcess, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, FileTimeToLocalFileTime, CompareStringA, CompareStringW, SetEnvironmentVariableA, FileTimeToSystemTime, SetErrorMode, GetFileTime, GetFileSize, GetFileAttributesA, GetThreadLocale, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetEnvironmentStringsW, DuplicateHandle, FindResourceA, LoadResource, LockResource, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, WinExec, SizeofResource, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, lstrcpynA, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, lstrlenA, GlobalUnlock, GlobalFree, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, lstrcmpA, GetCurrentThread, LoadLibraryA, FreeLibrary, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsW, GetEnvironmentStrings, GetProfileStringA
> USER32.dll: CharUpperA, CharNextA, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, MapDialogRect, SetWindowContextHelpId, EndDialog, CreateDialogIndirectParamA, GetMessageA, TranslateMessage, GetActiveWindow, ValidateRect, GetCursorPos, SetCursor, PostQuitMessage, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, IsWindowEnabled, ShowWindow, IsDialogMessageA, PostMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, LoadCursorA, DispatchMessageA, SetActiveWindow, IsWindow, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, IsWindowVisible, GetTopWindow, MessageBoxA, IsChild, GetParent, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetSysColorBrush, SetWindowTextA, MoveWindow, PeekMessageA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, GetWindowLongA, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SetTimer, GetSystemMenu, AppendMenuA, SendMessageA, LoadIconA, EnableWindow, RegisterHotKey, UnregisterHotKey, GetFocus, GetMenuCheckMarkDimensions, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, IsWindowUnicode, UnregisterClassA
> GDI32.dll: BitBlt, GetTextExtentPointA, CreateCompatibleDC, CreateDIBitmap, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, IntersectClipRect, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA
> SHELL32.dll: Shell_NotifyIconA
> COMCTL32.dll: -
> oledlg.dll: -
> ole32.dll: CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgCreateDocfileOnILockBytes, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal
> OLEPRO32.DLL: -
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 0 exports )

jlpjlp · Answer

ok rin

encore des soucis

lankhmar · Answer

encore des soucis rapport a icon.exe ?

te colle un rapport antivir il ne detecte plus aucun virus

AntiVir PersonalEdition Classic
Report file date: lundi 14 avril 2008  18:31

Scanning for 1200071 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    PC-000000000

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 12:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 11:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 14:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2     5447168 Bytes  07/03/2008 17:35:07
ANTIVIR2.VDF : 7.0.3.156    795136 Bytes  11/04/2008 12:16:42
ANTIVIR3.VDF : 7.0.3.161     79360 Bytes  14/04/2008 12:36:16
AVEWIN32.DLL : 7.6.0.85    3461632 Bytes  12/04/2008 12:16:43
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 09:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 06:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3      360488 Bytes  08/04/2008 17:35:09
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 06:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 06:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 10:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 11:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 11:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: lundi 14 avril 2008  18:31

Starting search for hidden objects.
'46413' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Icon.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'STDSB.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
      [NOTE]      No virus was found!
Master boot sector HD1
      [NOTE]      No virus was found!
      [WARNING]   The boot sector file could not be read!
      [WARNING]   Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!


End of the scan: lundi 14 avril 2008  19:18
Used time: 47:36 min

The scan has been done completely.

   3309 Scanning directories
 189385 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 189385 Files not concerned
   7210 Archives were scanned
      2 Warnings
      0 Notes
  46413 Objects were scanned with rootkit scan
      0 Hidden objects were found

jlpjlp · Answer

oui as tu encore le moindre probleme sur l'ordi

si il n'y en a pas c'est bon!

TR/Dldr.PurityScan.FK

11 réponses

Discussions similaires

Newsletters