TR/Dldr.PurityScan.FK

Résolu
lankhmar Messages postés 25 Statut Membre -  
 Lankhmar -
Bonjour,
j ai une ami qui a un versa c200 qui etait infecter par enormement de virus je lui ai mis antivir et j ai reussit a a enlever la plupart m en reste un le TR/Dldr.PurityScan.FK.
j ai mis spybot et j ai reparer les erreurs ainsi que ccleaner
en faisant ctrl alt sup j arrive a arreter le processus mais je n arrive pas a l effacer de l endroit ou il se situe, le trouve pas
j ai bien entendu desactiver la restauration du systeme et j ai afficher les fichiers cacher ainsi que decocher masquer les extensions des fichiers dont le type est connu ainsi que masquer les fichiers du systeme d exploitation
je ne peut bien sur pas formater car le lecteur interne est casser, et je n arrive pas a le faire booter sur un lecteur externe(rien trouver dans le bios).
en gros j ai des fenetre ie qui s ouvres seules alors que j uttilise mozzilla et j ai le mess d erreurs msconfig a rencontrer une erreur et doit fermer

je vous joins le log de hijack si vous pouvez me dire koi fixer
merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\icon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1766989A-510F-2CAA-0266-5D00B9BB8ECE} - (no file)
O2 - BHO: (no name) - {23F0A429-DB9E-41FC-8511-1F531096CB0D} - (no file)
O2 - BHO: (no name) - {2860C741-8F63-45DA-B029-2B4B148AC499} - (no file)
O2 - BHO: (no name) - {336D6BAD-0171-4506-BAB2-7166B7961658} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A123CA27-1F96-489A-A590-02345BF66B52} - (no file)
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O2 - BHO: 0 - {DEB44A43-7F2B-4932-1F97-C411523C075B} - (no file)
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Lavxnezd] C:\WINDOWS\??pPatch\m?config.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8057 bytes
Configuration: Windows XP
Firefox 2.0.0.13

11 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

    _________

    recolle un hijackthis et un rapport antivir
    0
  2. lankhmar
     
    bon voila

    ComboFix 08-04-10.9 - princess 2008-04-11 16:53:23.1 - NTFSx86
    Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\princess\Application Data\SKS~1
    C:\Documents and Settings\princess\Application Data\SKS~1\??sks\
    C:\Program Files\outerinfo
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\Temp\isgTi19
    C:\Temp\isgTi19\lPig.log
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\ppatch~1
    C:\WINDOWS\ppatch~1\m?config.exe
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\dp1
    C:\WINDOWS\system32\edqpvpti.ini
    C:\WINDOWS\system32\euouxwij.dllbox
    C:\WINDOWS\system32\feq9
    C:\WINDOWS\system32\gtkfjybt.ini
    C:\WINDOWS\system32\iuvgrugj.ini
    C:\WINDOWS\system32\jhwmsete.ini
    C:\WINDOWS\system32\lbgsmabj.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nGpxx01
    C:\WINDOWS\system32\nqrqr.ini
    C:\WINDOWS\system32\nqrqr.ini2
    C:\WINDOWS\system32\O13
    C:\WINDOWS\system32\O13\CT\Icon.exe
    C:\WINDOWS\system32\O13\CT\MXKEYBD.DLL
    C:\WINDOWS\system32\O13\CT\Same.exe
    C:\WINDOWS\system32\O13\CT\SETUP.exe
    C:\WINDOWS\system32\O13\CT\STDSB.exe
    C:\WINDOWS\system32\O13\CT\STDSB.inf
    C:\WINDOWS\system32\O13\CT\STDSB.sys
    C:\WINDOWS\system32\O13\CT\UN4SB.bat
    C:\WINDOWS\system32\O13\CT\UNSTDSB.exe
    C:\WINDOWS\system32\O13\CT\WinIo.dll
    C:\WINDOWS\system32\O13\CT\WinIo.sys
    C:\WINDOWS\system32\O13\CT\wireless.exe
    C:\WINDOWS\system32\O13\CT\WL.exe
    C:\WINDOWS\system32\O13\Pictures\CG13.ico
    C:\WINDOWS\system32\O13\Pictures\CG13.jpg
    C:\WINDOWS\system32\O13\Pictures\Oeminfo.ini
    C:\WINDOWS\system32\O13\Pictures\oemlogo.bmp
    C:\WINDOWS\system32\O13\Pictures\oemlogo.jpg
    C:\WINDOWS\system32\O13\Pictures\wallpaper_O13.bmp
    C:\WINDOWS\system32\olfgqcil.dllbox
    C:\WINDOWS\system32\oveahiti.ini
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\povufvgp.ini
    C:\WINDOWS\system32\rrgfeqdp.ini
    C:\WINDOWS\system32\ucdnprlk.ini
    C:\WINDOWS\system32\vdjxlrim.ini
    C:\WINDOWS\system32\whptafqs.dllbox
    C:\WINDOWS\system32\winio.dll
    C:\WINDOWS\system32\wl.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CMDSERVICE
    -------\Legacy_NETWORK_MONITOR

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-11 16:51 . 2008-04-11 16:51 <REP> d-------- C:\ComboFix
    2008-04-11 15:05 . 2008-04-11 15:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini
    2008-04-10 17:18 . 2008-04-10 17:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-10 17:18 . 2008-04-10 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm
    2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm
    2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm
    2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm
    2008-04-09 11:50 . 2008-04-09 11:50 <REP> d-------- C:\Program Files\CCleaner
    2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm
    2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm
    2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Program Files\Avira
    2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-11 15:02 --------- d-----w C:\Program Files\Wanadoo
    2008-04-11 11:22 --------- d-----w C:\Program Files\winvi
    2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
    2008-04-08 13:49 --------- d-----w C:\Program Files\DivX
    2008-04-08 13:49 --------- d-----w C:\Program Files\dbar
    2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8}
    2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7
    2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
    2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
    2007-11-14 15:36 1486848 --a------ C:\Program Files\dbar\Deskbar.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "Lavxnezd"="C:\WINDOWS\??pPatch\m?config.exe" [ ]
    "WebSUpdater"="C:\Program Files\winvi\wupda.exe" [2008-02-28 01:55 198185]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672]
    "SoundMan"="SOUNDMAN.EXE" [2003-01-07 17:09 46592 C:\WINDOWS\soundman.exe]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152]
    "icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-17 16:02 180269]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
    byxxust.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
    olfgqcil.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    --a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL]
    C:\WINDOWS\system32\WL.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\Program Files\\uTorrent\\utorrent.exe"=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52]
    R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47]
    R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
    S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    *Newly Created Service* - ZDPNDIS5
    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-11 17:00:43
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-11 17:06:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-04-11 15:05:54
    Pre-Run: 25,474,080,768 octets libres
    Post-Run: 25,389,268,992 octets libres
    .
    2008-04-09 17:32:39 --- E O F ---
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    recolle un hijackthis et un antivir

    a plus
    0
  4. lankhmar
     
    bonjour

    bn apres combo fix j ai eu un autre virus detecter par antivir qui n ai plus revenu apres le scan
    sinon maintenant j ai un message d erreur concernant icon.exe qui dit qu il ne retrouve pas winio.dll, je crois que ca viens du port parrallele j ai trouver un site ou je peut la telecharger apres je doit la placer dans c/windows:system32?

    voila mon rapport hijack
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:10, on 2008-04-12
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\NMSAccessU.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\STDSB.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
    O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
    O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background

    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

    O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
    O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)

    __________________

    pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _____________________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\Program Files\dbar\Deskbar.dll
    C:\WINDOWS\??pPatch\m?config.exe
    C:\Program Files\winvi\wupda.exe

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lavxnezd"=-
    "WebSUpdater"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _________________

    colle un rapport antivir
    _________________

    si ton pb winio.dll persiste, telecharge et mets le dans sytem 32

    http://www.dlldll.com/winio.dll_download.html
    0
  7. lankhmar
     
    re

    rapport combofix

    ComboFix 08-04-10.9 - princess 2008-04-12 18:16:10.4 - NTFSx86
    Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe
    Command switches used :: C:\Documents and Settings\princess\Bureau\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Program Files\dbar\deskbar.dll
    C:\Program Files\dbar\Deskbar.dll
    C:\Program Files\winvi\wupda.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\dbar\deskbar.dll
    C:\Program Files\winvi\wupda.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
    .

    2008-04-11 16:51 . 2008-04-11 16:51 <REP> d-------- C:\ComboFix
    2008-04-11 15:05 . 2008-04-11 15:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat
    2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini
    2008-04-10 17:18 . 2008-04-10 17:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-04-10 17:18 . 2008-04-10 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm
    2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm
    2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm
    2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm
    2008-04-09 11:50 . 2008-04-09 11:50 <REP> d-------- C:\Program Files\CCleaner
    2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm
    2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm
    2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS\nsreg.dat
    2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Program Files\Avira
    2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-12 16:16 --------- d-----w C:\Program Files\winvi
    2008-04-12 16:16 --------- d-----w C:\Program Files\dbar
    2008-04-12 12:11 --------- d-----w C:\Program Files\Wanadoo
    2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
    2008-04-08 13:49 --------- d-----w C:\Program Files\DivX
    2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8}
    2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
    2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
    2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
    2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7
    2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
    2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152]
    "icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-17 16:02 180269]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-06-02 13:16:53 835584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    --a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL]
    C:\WINDOWS\system32\WL.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41]
    R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52]
    R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47]
    R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24]
    S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
    S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    .
    **************************************************************************

    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-12 18:18:55
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-04-12 18:20:16
    ComboFix-quarantined-files.txt 2008-04-12 16:19:45
    ComboFix2.txt 2008-04-11 15:06:14
    Pre-Run: 25,377,763,328 octets libres
    Post-Run: 25,361,240,064 octets libres
    .
    2008-04-09 17:32:39 --- E O F ---

    et hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:24, on 12/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\STDSB.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: byxxust - C:\WINDOWS\
    O20 - Winlogon Notify: olfgqcil - C:\WINDOWS\
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ce fichier sur virus total et colle le rapport:
    https://www.virustotal.com/gui/

    C:\WINDOWS\system32\icon.exe

    encore des soucis????????,
    0
  9. lankhmar
     
    bonjour

    rapport pour icon .exe
    Fichier Icon.exe reçu le 2008.04.14 14:53:23 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
    Résultat: 0/32 (0%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: 1.
    L'heure estimée de démarrage est entre 38 et 55 secondes.
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Formaté
    Impression des résultats Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.4.12.0 2008.04.14 -
    AntiVir 7.6.0.85 2008.04.14 -
    Authentium 4.93.8 2008.04.13 -
    Avast 4.8.1169.0 2008.04.14 -
    AVG 7.5.0.516 2008.04.14 -
    BitDefender 7.2 2008.04.14 -
    CAT-QuickHeal 9.50 2008.04.12 -
    ClamAV 0.92.1 2008.04.14 -
    DrWeb 4.44.0.09170 2008.04.14 -
    eSafe 7.0.15.0 2008.04.09 -
    eTrust-Vet 31.3.5697 2008.04.14 -
    Ewido 4.0 2008.04.14 -
    F-Prot 4.4.2.54 2008.04.14 -
    F-Secure 6.70.13260.0 2008.04.14 -
    FileAdvisor 1 2008.04.14 -
    Fortinet 3.14.0.0 2008.04.14 -
    Ikarus T3.1.1.26 2008.04.14 -
    Kaspersky 7.0.0.125 2008.04.14 -
    McAfee 5272 2008.04.11 -
    Microsoft 1.3408 2008.04.14 -
    NOD32v2 3024 2008.04.14 -
    Norman 5.80.02 2008.04.12 -
    Panda 9.0.0.4 2008.04.13 -
    Prevx1 V2 2008.04.14 -
    Rising 20.39.62.00 2008.04.13 -
    Sophos 4.28.0 2008.04.14 -
    Sunbelt 3.0.1041.0 2008.04.12 -
    Symantec 10 2008.04.14 -
    TheHacker 6.2.92.276 2008.04.12 -
    VBA32 3.12.6.4 2008.04.14 -
    VirusBuster 4.3.26:9 2008.04.13 -
    Webwasher-Gateway 6.6.2 2008.04.14 -
    Information additionnelle
    File size: 204800 bytes
    MD5...: 5db3adb2396042588d1df8bb01fad85a
    SHA1..: f4d6b410a9e3402e13c1f4b6ae9437a90a0edc32
    SHA256: ec29167e9fb58f548bc185faa8747594e96c188cf763134ef7b1b62960b6a37d
    SHA512: dfbe95af5ac37c0e55a775442ff021815da47136a5e4481600b86847b671b7c4
    5b11921e350002d05552fffaf8ad155d526d92eb0ab271b83964496de1476768
    PEiD..: Armadillo v1.71
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x409dd7
    timedatestamp.....: 0x3f40a2d8 (Mon Aug 18 09:56:40 2003)
    machinetype.......: 0x14c (I386)

    ( 4 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x2178b 0x22000 6.55 1b464187a58643051045351d0bf9317a
    .rdata 0x23000 0x8986 0x9000 4.65 11035bfd9694b983e359485a4fc2cbb6
    .data 0x2c000 0x63c8 0x3000 3.17 18856ae8a38f377e00cf3257385e7aa5
    .rsrc 0x33000 0x29b8 0x3000 4.28 da29f7a7f37db0d7a7274624b4a3fa1d

    ( 13 imports )
    > WINIO.dll: ShutdownWinIo, InitializeWinIo, GetPortVal, SetPortVal
    > KERNEL32.dll: RtlUnwind, ExitProcess, GetStartupInfoA, TerminateProcess, RaiseException, HeapAlloc, GetCommandLineA, GetTickCount, FormatMessageA, SetStdHandle, GetFileType, HeapFree, HeapReAlloc, GetACP, GetTimeZoneInformation, UnhandledExceptionFilter, FreeEnvironmentStringsA, HeapSize, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, SetUnhandledExceptionFilter, GetCurrentProcess, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, FileTimeToLocalFileTime, CompareStringA, CompareStringW, SetEnvironmentVariableA, FileTimeToSystemTime, SetErrorMode, GetFileTime, GetFileSize, GetFileAttributesA, GetThreadLocale, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetEnvironmentStringsW, DuplicateHandle, FindResourceA, LoadResource, LockResource, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, WinExec, SizeofResource, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, lstrcpynA, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, lstrlenA, GlobalUnlock, GlobalFree, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, lstrcmpA, GetCurrentThread, LoadLibraryA, FreeLibrary, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsW, GetEnvironmentStrings, GetProfileStringA
    > USER32.dll: CharUpperA, CharNextA, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, MapDialogRect, SetWindowContextHelpId, EndDialog, CreateDialogIndirectParamA, GetMessageA, TranslateMessage, GetActiveWindow, ValidateRect, GetCursorPos, SetCursor, PostQuitMessage, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, IsWindowEnabled, ShowWindow, IsDialogMessageA, PostMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, LoadCursorA, DispatchMessageA, SetActiveWindow, IsWindow, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, IsWindowVisible, GetTopWindow, MessageBoxA, IsChild, GetParent, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetSysColorBrush, SetWindowTextA, MoveWindow, PeekMessageA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, GetWindowLongA, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SetTimer, GetSystemMenu, AppendMenuA, SendMessageA, LoadIconA, EnableWindow, RegisterHotKey, UnregisterHotKey, GetFocus, GetMenuCheckMarkDimensions, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, IsWindowUnicode, UnregisterClassA
    > GDI32.dll: BitBlt, GetTextExtentPointA, CreateCompatibleDC, CreateDIBitmap, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, IntersectClipRect, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox
    > comdlg32.dll: GetFileTitleA
    > WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
    > ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA
    > SHELL32.dll: Shell_NotifyIconA
    > COMCTL32.dll: -
    > oledlg.dll: -
    > ole32.dll: CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgCreateDocfileOnILockBytes, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal
    > OLEPRO32.DLL: -
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -

    ( 0 exports )
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok rin

    encore des soucis
    0
  11. lankhmar
     
    encore des soucis rapport a icon.exe ?

    te colle un rapport antivir il ne detecte plus aucun virus

    AntiVir PersonalEdition Classic
    Report file date: lundi 14 avril 2008 18:31

    Scanning for 1200071 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: PC-000000000

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:35:07
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 12:16:42
    ANTIVIR3.VDF : 7.0.3.161 79360 Bytes 14/04/2008 12:36:16
    AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 12/04/2008 12:16:43
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/04/2008 17:35:09
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high

    Start of the scan: lundi 14 avril 2008 18:31

    Starting search for hidden objects.
    '46413' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'realsched.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'Icon.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'STDSB.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    35 processes with 35 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [NOTE] No virus was found!
    Master boot sector HD1
    [NOTE] No virus was found!
    [WARNING] The boot sector file could not be read!
    [WARNING] Error code: 0x0015

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '25' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    End of the scan: lundi 14 avril 2008 19:18
    Used time: 47:36 min

    The scan has been done completely.

    3309 Scanning directories
    189385 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    189385 Files not concerned
    7210 Archives were scanned
    2 Warnings
    0 Notes
    46413 Objects were scanned with rootkit scan
    0 Hidden objects were found
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui as tu encore le moindre probleme sur l'ordi

    si il n'y en a pas c'est bon!
    0
    1. Lankhmar
       
      merci a toi c est cool
      je vais faire resolu sur le forum
      encore merci
      0