Virus launches security warning all the time

Solved/Closed
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008 - 23 April 2008 at 11:04
 Anonymous user - 24 April 2008 at 21:01
Hello, I downloaded a free program from the internet, and since then security warning (an antivirus that I never installed) keeps reporting viruses that do not exist! I tried avast, cclean, spybot and even the site's instructions, but that changes nothing!

10 replies

Anonymous user
23 April 2008 at 11:06
HELLO

Download to the desktop:
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
= right-click on Hijackthis ==> rename ==> type: test.exe (in place of hijackthis.exe) <== Important
= Double-click on it
= Click Do a system scan and save the log
= a report opens ==> save it to the desktop AND POST THE REPORT
0
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
23 April 2008 at 11:11
Thanks for replying so quickly, here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:06, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ejlgowsk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} - C:\WINDOWS\system32\awttuvvw.dll
O2 - BHO: (no name) - {B8CB333B-1460-40F3-B351-F8F110758277} - C:\WINDOWS\system32\ljJBqppP.dll (file missing)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\opnmKaYo.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ejlgowsk] C:\WINDOWS\system32\ejlgowsk.exe
O4 - HKLM\..\Run: [341ff292] rundll32.exe "C:\WINDOWS\system32\qmdmxfcb.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [englvedj] C:\WINDOWS\system32\whsvqpmr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [LrQicezbhI] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnmKaYo - C:\WINDOWS\SYSTEM32\opnmKaYo.dll
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
0
Anonymous user
23 April 2008 at 11:33
Download Vundofix.exe (by Atribune) to your Desktop.

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* Click the Scan for Vundo button.
* When the scan is complete, click the fix Vundo button.
* A command prompt will ask whether you want to delete the files; click YES.
* After you click "YES", the Desktop will disappear for a moment while the files are deleted.
* A new command prompt will announce that the PC must shut down ("shutdown"). Click OK, then let it restart.
* The contents of the report are in C:\vundofix.txt, POST IT
* Run a new hijackthis report,
0
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
23 April 2008 at 12:19
It tells me: no infected file was found..
0
Anonymous user
23 April 2008 at 13:49
Let's continue

Download VirtumundoBegone to the desktop:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double-click VirtumundoBeGone.exe and follow the instructions.
Once it has finished, restart the PC; the report VBG.TXT will be created on the desktop. Post the report!!
(If a blue-screen "Fatal error" message appears, don't worry, because that is normal and expected.) As before, run a new hijackthis report!!
0

Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
24 April 2008 at 01:48
Here it is for VBG:
[04/24/2008, 1:40:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\VirtumundoBeGone.exe" )
[04/24/2008, 1:40:48] - Detected System Information:
[04/24/2008, 1:40:48] - Windows Version: 5.1.2600, Service Pack 2
[04/24/2008, 1:40:48] - Current Username: sbuatois (Admin)
[04/24/2008, 1:40:48] - Windows is in NORMAL mode.
[04/24/2008, 1:40:48] - Searching for Browser Helper Objects:
[04/24/2008, 1:40:48] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/24/2008, 1:40:48] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/24/2008, 1:40:48] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/24/2008, 1:40:48] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - No filename found. Continuing.
[04/24/2008, 1:40:48] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/24/2008, 1:40:48] - BHO 6: {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\awttuvvw
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\awttuvvw, continuing.
[04/24/2008, 1:40:48] - BHO 7: {B8CB333B-1460-40F3-B351-F8F110758277} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\ljJBqppP
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\ljJBqppP, continuing.
[04/24/2008, 1:40:48] - BHO 8: {EE5A1465-1E73-4784-8F63-45983FDF0DB8} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\opnmKaYo
[04/24/2008, 1:40:48] - Found: HKLM\...\Winlogon\Notify\opnmKaYo - This is probably Virtumundo.
[04/24/2008, 1:40:48] - Assigning {EE5A1465-1E73-4784-8F63-45983FDF0DB8} MSEvents Object
[04/24/2008, 1:40:48] - BHO list has been changed! Starting over...
[04/24/2008, 1:40:48] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:48] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/24/2008, 1:40:48] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/24/2008, 1:40:48] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/24/2008, 1:40:48] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/24/2008, 1:40:48] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/24/2008, 1:40:48] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:49] - No filename found. Continuing.
[04/24/2008, 1:40:49] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/24/2008, 1:40:49] - BHO 6: {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} ()
[04/24/2008, 1:40:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:49] - Checking for HKLM\...\Winlogon\Notify\awttuvvw
[04/24/2008, 1:40:49] - Key not found: HKLM\...\Winlogon\Notify\awttuvvw, continuing.
[04/24/2008, 1:40:49] - BHO 7: {B8CB333B-1460-40F3-B351-F8F110758277} ()
[04/24/2008, 1:40:49] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:49] - Checking for HKLM\...\Winlogon\Notify\ljJBqppP
[04/24/2008, 1:40:49] - Key not found: HKLM\...\Winlogon\Notify\ljJBqppP, continuing.
[04/24/2008, 1:40:49] - BHO 8: {EE5A1465-1E73-4784-8F63-45983FDF0DB8} (MSEvents Object)
[04/24/2008, 1:40:49] - ALERT: Found MSEvents Object!
[04/24/2008, 1:40:49] - Finished Searching Browser Helper Objects
[04/24/2008, 1:40:49] - *** Detected MSEvents Object
[04/24/2008, 1:40:49] - Trying to remove MSEvents Object...
[04/24/2008, 1:40:50] - Terminating Process: IEXPLORE.EXE
[04/24/2008, 1:40:51] - Terminating Process: RUNDLL32.EXE
[04/24/2008, 1:40:52] - Disabling Automatic Shell Restart
[04/24/2008, 1:40:52] - Terminating Process: EXPLORER.EXE
[04/24/2008, 1:40:54] - Suspending the NT Session Manager System Service
[04/24/2008, 1:40:54] - Terminating Windows NT Logon/Logoff Manager
[04/24/2008, 1:40:54] - Re-enabling Automatic Shell Restart
[04/24/2008, 1:40:55] - File to disable: C:\WINDOWS\system32\opnmKaYo.dll
[04/24/2008, 1:40:55] - Renaming C:\WINDOWS\system32\opnmKaYo.dll -> C:\WINDOWS\system32\opnmKaYo.dll.vir
[04/24/2008, 1:40:55] - File successfully renamed!
[04/24/2008, 1:40:55] - Removing HKLM\...\Browser Helper Objects\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}
[04/24/2008, 1:40:55] - Removing HKCR\CLSID\{EE5A1465-1E73-4784-8F63-45983FDF0DB8}
[04/24/2008, 1:40:55] - Adding Kill Bit for ActiveX for GUID: {EE5A1465-1E73-4784-8F63-45983FDF0DB8}
[04/24/2008, 1:40:55] - Deleting ATLEvents/MSEvents Registry entries
[04/24/2008, 1:40:55] - Removing HKLM\...\Winlogon\Notify\opnmKaYo
[04/24/2008, 1:40:55] - Searching for Browser Helper Objects:
[04/24/2008, 1:40:55] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:55] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[04/24/2008, 1:40:55] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[04/24/2008, 1:40:55] - BHO 2: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[04/24/2008, 1:40:55] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[04/24/2008, 1:40:55] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:55] - No filename found. Continuing.
[04/24/2008, 1:40:55] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[04/24/2008, 1:40:55] - BHO 6: {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:55] - Checking for HKLM\...\Winlogon\Notify\awttuvvw
[04/24/2008, 1:40:55] - Key not found: HKLM\...\Winlogon\Notify\awttuvvw, continuing.
[04/24/2008, 1:40:55] - BHO 7: {B8CB333B-1460-40F3-B351-F8F110758277} ()
[04/24/2008, 1:40:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[04/24/2008, 1:40:56] - Checking for HKLM\...\Winlogon\Notify\ljJBqppP
[04/24/2008, 1:40:56] - Key not found: HKLM\...\Winlogon\Notify\ljJBqppP, continuing.
[04/24/2008, 1:40:56] - Finished Searching Browser Helper Objects
[04/24/2008, 1:40:56] - Finishing up...
[04/24/2008, 1:40:56] - A restart is needed.
[04/24/2008, 1:40:56] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[04/24/2008, 1:41:08] - Attempting to Restart via STOP error (Blue Screen!)
0
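The VirtumundoBeGone report above shows the tool taking each Browser Helper Object that has no name and looking for a Winlogon Notify key named after its DLL. The same cross-check can be run offline on a saved HijackThis log; this is an added Python example, not part of the thread or of either tool, its function names are hypothetical, and the sample lines are copied from the first HijackThis log posted in the thread.

```python
import ntpath
import re

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# HijackThis O20 line: "O20 - Winlogon Notify: <key> - <path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")

MISSING_SUFFIX = " (file missing)"

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A41A5AE2-40EE-4EC5-89DE-6C4C4B128FA3} - C:\WINDOWS\system32\awttuvvw.dll
O2 - BHO: (no name) - {B8CB333B-1460-40F3-B351-F8F110758277} - C:\WINDOWS\system32\ljJBqppP.dll (file missing)
O2 - BHO: (no name) - {EE5A1465-1E73-4784-8F63-45983FDF0DB8} - C:\WINDOWS\system32\opnmKaYo.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: opnmKaYo - C:\WINDOWS\SYSTEM32\opnmKaYo.dll
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
"""


def parse_log(text):
    """Return (bhos, notify): O2 entries as dicts, O20 entries keyed by lower-cased name."""
    bhos, notify = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith(MISSING_SUFFIX)
            if missing:
                path = path[: -len(MISSING_SUFFIX)]
            if path == "(no file)":
                path = None  # the registry entry points at nothing
            bhos.append(
                {
                    "name": m["name"],
                    "clsid": m["clsid"].upper(),
                    "path": path,
                    "missing": missing,
                }
            )
            continue
        m = O20_RE.match(line)
        if m:
            notify[m["key"].lower()] = m["path"]
    return bhos, notify


def unnamed_bhos_with_notify(text):
    """Unnamed BHOs whose DLL name also appears as a Winlogon Notify key.

    Mirrors the check visible in the VBG.TXT report: skip named BHOs, skip
    entries without a filename, then look up Notify\\<dll name without extension>.
    Returns a list of (clsid, bho_path, notify_path) tuples.
    """
    bhos, notify = parse_log(text)
    hits = []
    for bho in bhos:
        if bho["name"] != "(no name)" or bho["path"] is None:
            continue
        # ntpath handles Windows paths regardless of the OS running this script.
        stem = ntpath.splitext(ntpath.basename(bho["path"]))[0].lower()
        if stem in notify:
            hits.append((bho["clsid"], bho["path"], notify[stem]))
    return hits


if __name__ == "__main__":
    for clsid, bho_path, notify_path in unnamed_bhos_with_notify(SAMPLE_LOG):
        print(f"review: BHO {clsid} -> {bho_path} (Winlogon Notify -> {notify_path})")
```

On the sample it reports only the opnmKaYo.dll pair, the same entry the VBG.TXT report singles out; a match is a lead for manual review, not a verdict.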
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
24 April 2008 at 01:49
And here it is for hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:48:51, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ejlgowsk.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B2F3DAFC-C09A-4DB5-B6D1-3457F1B6EA99} - C:\WINDOWS\system32\awttuvvw.dll
O2 - BHO: (no name) - {B8CB333B-1460-40F3-B351-F8F110758277} - C:\WINDOWS\system32\ljJBqppP.dll (file missing)
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ejlgowsk] C:\WINDOWS\system32\ejlgowsk.exe
O4 - HKLM\..\Run: [341ff292] rundll32.exe "C:\WINDOWS\system32\qmdmxfcb.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [englvedj] C:\WINDOWS\system32\whsvqpmr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [LrQicezbhI] C:\WINDOWS\system32\winver.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
0
Anonymous user
24 April 2008 at 07:50
Hello

Relaunch hijackthis, check the lines below and click fix checked; at that point only the hijackthis window should be open.

Tutorial for fixing the lines:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

Lines to fix:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B2F3DAFC-C09A-4DB5-B6D1-3457F1B6EA99} - C:\WINDOWS\system32\awttuvvw.dll
O2 - BHO: (no name) - {B8CB333B-1460-40F3-B351-F8F110758277} - C:\WINDOWS\system32\ljJBqppP.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ejlgowsk] C:\WINDOWS\system32\ejlgowsk.exe
O4 - HKLM\..\Run: [341ff292] rundll32.exe "C:\WINDOWS\system32\qmdmxfcb.dll",b
O4 - HKCU\..\Run: [englvedj] C:\WINDOWS\system32\whsvqpmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [LrQicezbhI] C:\WINDOWS\system32\winver.exe
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll

Download ComboFix from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

And, importantly, save it to the desktop.

Before using ComboFix:

► Disconnect from the internet and close the windows of all running programs.

► Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.


Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt

► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

► Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

And a hijackthis!!!!!
0
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
24 April 2008 at 12:58
ComboFix 08-04-22.5 - sbuatois 2008-04-24 12:42:27.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.203 [GMT 2:00]
Endroit: C:\Documents and Settings\sbuatois\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\sbuatois\Bureaublackbird.jpg
C:\Documents and Settings\sbuatois\BureauEditorFKWP1.5.exe
C:\Documents and Settings\sbuatois\BureauEditorFKWP2.0.exe
C:\Documents and Settings\sbuatois\Bureaufilemanagerclient.exe
C:\Documents and Settings\sbuatois\Bureaufkwp1.5.exe
C:\Documents and Settings\sbuatois\Bureaufkwp2.0.exe
C:\Documents and Settings\sbuatois\Bureaufwebd.exe
C:\Documents and Settings\sbuatois\BureauFWebdEditor.exe
C:\Documents and Settings\sbuatois\BureauTrojan.Win32.BlackBird.exe
C:\Documents and Settings\sbuatois\Bureauvirii
C:\Documents and Settings\sbuatois\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\cookies.ini
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\system32\awttuvvw.dll
C:\WINDOWS\system32\bcfxmdmq.ini
C:\WINDOWS\system32\gbtrmgfm.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mfgmrtbg.dll
C:\WINDOWS\system32\PppqBJjl.ini
C:\WINDOWS\system32\PppqBJjl.ini2
C:\WINDOWS\system32\qmdmxfcb.dll
C:\WINDOWS\system32\wvvuttwa.ini
C:\WINDOWS\system32\wvvuttwa.ini2
C:\WINDOWS\system32akttzn.exe
C:\WINDOWS\system32anticipator.dll
C:\WINDOWS\system32awtoolb.dll
C:\WINDOWS\system32bdn.com
C:\WINDOWS\system32bsva-egihsg52.exe
C:\WINDOWS\system32dpcproxy.exe
C:\WINDOWS\system32emesx.dll
C:\WINDOWS\system32h@tkeysh@@k.dll
C:\WINDOWS\system32hoproxy.dll
C:\WINDOWS\system32hxiwlgpm.dat
C:\WINDOWS\system32hxiwlgpm.exe
C:\WINDOWS\system32medup012.dll
C:\WINDOWS\system32medup020.dll
C:\WINDOWS\system32msgp.exe
C:\WINDOWS\system32msnbho.dll
C:\WINDOWS\system32mssecu.exe
C:\WINDOWS\system32msvchost.exe
C:\WINDOWS\system32mtr2.exe
C:\WINDOWS\system32mwin32.exe
C:\WINDOWS\system32netode.exe
C:\WINDOWS\system32newsd32.exe
C:\WINDOWS\system32ps1.exe
C:\WINDOWS\system32psof1.exe
C:\WINDOWS\system32psoft1.exe
C:\WINDOWS\system32regc64.dll
C:\WINDOWS\system32regm64.dll
C:\WINDOWS\system32Rundl1.exe
C:\WINDOWS\system32smp
C:\WINDOWS\system32smp\msrc.exe
C:\WINDOWS\system32sncntr.exe
C:\WINDOWS\system32ssurf022.dll
C:\WINDOWS\system32ssvchost.com
C:\WINDOWS\system32ssvchost.exe
C:\WINDOWS\system32sysreq.exe
C:\WINDOWS\system32taack.dat
C:\WINDOWS\system32taack.exe
C:\WINDOWS\system32temp#01.exe
C:\WINDOWS\system32thun.dll
C:\WINDOWS\system32thun32.dll
C:\WINDOWS\system32VBIEWER.OCX
C:\WINDOWS\system32vbsys2.dll
C:\WINDOWS\system32vcatchpi.dll
C:\WINDOWS\system32winlogonpc.exe
C:\WINDOWS\system32winsystem.exe
C:\WINDOWS\system32WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))))))))
.

2008-04-22 11:38 . 2008-04-23 10:49 1,542,093 ---hs---- C:\WINDOWS\system32\tibjplad.ini
2008-04-21 11:37 . 2008-04-22 11:37 1,541,913 ---hs---- C:\WINDOWS\system32\uaeltoqw.ini
2008-04-20 10:36 . 2008-04-21 11:36 1,541,793 ---hs---- C:\WINDOWS\system32\nmypdteg.ini
2008-04-19 14:28 . 2008-04-19 14:28 <REP> d-------- C:\VundoFix Backups
2008-04-19 14:20 . 2008-04-19 14:20 110,592 --a------ C:\WINDOWS\system32\vckbirou.dll
2008-04-19 14:20 . 2008-04-19 14:20 106,496 --a------ C:\WINDOWS\system32\ejlgowsk.exe
2008-04-19 14:19 . 2008-04-19 14:19 38 --a------ C:\WINDOWS\system32\a.bat
2008-04-19 11:59 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-19 11:59 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-19 11:59 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-19 11:59 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-19 11:59 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-19 11:59 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-19 11:59 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-19 11:59 . 2008-04-19 12:09 2,330 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-19 08:35 . 2008-04-20 10:36 1,541,673 ---hs---- C:\WINDOWS\system32\yjxtqkjp.ini
2008-04-17 21:45 . 2008-04-17 21:45 37,888 --a------ C:\WINDOWS\system32\opnmKaYo.dll.vir
2008-04-17 21:44 . 2008-04-17 21:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\whgtutwb
2008-04-17 21:44 . 2008-04-16 10:07 290,816 --a------ C:\WINDOWS\pmsoarbf.dll
2008-04-17 21:44 . 2008-04-16 10:07 98,304 --a------ C:\WINDOWS\npqtsrak.exe
2008-04-17 21:44 . 2008-04-17 21:44 94,208 --a------ C:\WINDOWS\system32\whsvqpmr.exe
2008-04-17 21:32 . 2008-04-17 21:32 27,136 --a------ C:\WINDOWS\system32\winzdn32.dll
2008-04-17 21:10 . 2008-04-18 13:20 <REP> d-------- C:\Program Files\VirtualDJ
2008-04-13 10:42 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-13 10:36 . 2008-04-13 10:36 <REP> d-------- C:\Program Files\Microsoft.NET
2008-04-13 10:32 . 2008-04-13 10:32 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-13 10:30 . 2008-04-13 10:38 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-04-13 10:29 . 2008-04-13 10:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-13 10:28 . 2008-04-13 10:28 <REP> dr-h----- C:\MSOCache
2008-04-10 17:52 . 2008-04-10 17:52 <REP> d-------- C:\Program Files\Apple Software Update
2008-04-10 17:51 . 2008-04-10 17:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-07 18:39 . 2008-04-07 18:39 <REP> d-------- C:\Documents and Settings\sbuatois\Application Data\Template
2008-04-07 18:35 . 2008-04-13 10:39 <REP> d-------- C:\Program Files\Microsoft Works
2008-04-06 16:44 . 2008-04-06 16:44 <REP> d-------- C:\Documents and Settings\sbuatois\Application Data\skypePM
2008-04-06 16:44 . 2008-04-06 16:44 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-06 16:39 . 2008-04-06 20:49 <REP> d-------- C:\Documents and Settings\sbuatois\Application Data\Skype
2008-04-06 16:38 . 2008-04-06 16:38 <REP> d-------- C:\Program Files\Skype
2008-04-06 16:38 . 2008-04-06 16:38 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-04-06 16:38 . 2008-04-06 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-04-06 15:27 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-04-06 15:27 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-24 17:14 . 2008-03-24 17:14 268 --ah----- C:\sqmdata07.sqm
2008-03-24 17:14 . 2008-03-24 17:14 244 --ah----- C:\sqmnoopt07.sqm
2008-03-24 03:20 . 2008-03-24 03:20 268 --ah----- C:\sqmdata06.sqm
2008-03-24 03:20 . 2008-03-24 03:20 244 --ah----- C:\sqmnoopt06.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-24 10:48 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-17 19:35 --------- d-----w C:\Program Files\Azureus
2008-04-17 19:35 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\Azureus
2008-04-13 08:39 --------- d-----w C:\Program Files\MSBuild
2008-04-10 15:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-05 05:31 --------- d-----w C:\Program Files\Avast4
2008-03-21 21:09 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\Apple Computer
2008-03-21 21:01 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\VideoReDo-TVSuite
2008-03-16 16:47 --------- d-----w C:\Program Files\DAP
2008-03-16 16:45 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-03-12 20:30 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\DivX
2008-03-08 21:27 --------- d-----w C:\Program Files\TF1Vision
2008-03-08 21:15 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-25 00:21 --------- d-----w C:\Documents and Settings\sbuatois\Application Data\vlc
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-08 12:06 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2006-09-19 10:07 827392]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2007-12-24 11:38 345600]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2008-03-16 18:42 3057152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoInstrumentation"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFavoritesMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoUserNameInStartMenu"= 1 (0x1)
"NoInstrumentation"= 0 (0x0)
"NoStartMenuPinnedList"= 0 (0x0)
"ForceStartMenuLogoff"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\FEAR Perseus Mandate\\FEARXP2.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\winver.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Dnscache;Client DNS;C:\WINDOWS\system32\svchost.exe [2004-08-05 12:00]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-03-16 18:44]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-03-16 18:44]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S3 W8335PCI;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys [2004-12-24 08:42]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-17 17:33:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 12:48:27
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 88

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\locator.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-24 12:53:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 10:53:52

Pre-Run: 46,251,581,440 octets libres
Post-Run: 51,769,528,320 octets libres

252 --- E O F --- 2008-04-11 21:14:32
0
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
24 April 2008 at 12:59
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:50, on 24/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\sbuatois\Mes documents\My Completed Downloads\test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
0
Anonymous user
24 April 2008 at 13:32
And how is your PC behaving?
0
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
24 April 2008 at 14:52
Everything is perfect and smooth, and no more problems with the antivirus pop-ups! I'll confirm this evening, thanks a lot!!!
0
Anonymous user
24 April 2008 at 16:21
ok
0
Simouss77 Posts 18 Registration date Wednesday 23 April 2008 Status Member Last activity 4 May 2008
24 April 2008 at 19:05
I have no more problems at all, thanks for everything!
0
Anonymous user
24 April 2008 at 21:01
If everything is OK, mark the topic as resolved!!

See you
0