Sujet Précédent Sujet Suivant

Mon PC ne m'appartient plus?! que faire?

aabdelbari Messages postés 26 Statut Membre -  
 aabdelbari -
Bonjou a tous,
Ma connaissance en informatique est "novice", permettez moi de me servire de votres gentillesses et patiences et bien entendu, votres connaissances dans la matiere.
Mes amis, j'ai ete attaque par des virus ou des trojans, j'avais "Norton Antivirus" que j'ai change par "Avira antiVir Personnal" par les conseils de certains amis de ce forum, que je remercie.

J'ignore ce qie c'est le : "scan HijackThis " que je vois souvent dans certains messages des amis.

Alors, apres l'installation de ce nouveau antivirus Avira AntiVir, et la mise a jour et le scan en mode sans echec, il a detecte des anomalies que j'espere resolues, d'ailleurs j'ai vu mon PC me revenir petit a petit. Mais je ne sais pas si mon Pc est propre ou necessite d'autres interventions.
J'attends votres aides mes amis,
Voici le dernier rapport du Scan :

*************************************
Avira AntiVir Personal
Report file date: lundi 28 avril 2008 20:57

Scanning for 1242663 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PORTO-FARINA

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 08:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 07:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 07:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 07:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 12:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 13:55:08
ANTIVIR3.VDF : 7.0.3.222 203776 Bytes 28/04/2008 13:55:10
Engineversion : 8.1.0.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 08:58:21
AESCRIPT.DLL : 8.1.0.27 233851 Bytes 28/04/2008 13:55:34
AESCN.DLL : 8.1.0.14 119156 Bytes 28/04/2008 13:55:32
AERDL.DLL : 8.1.0.20 418165 Bytes 28/04/2008 13:55:30
AEPACK.DLL : 8.1.1.2 364917 Bytes 28/04/2008 13:55:28
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 28/04/2008 13:55:25
AEHEUR.DLL : 8.1.0.20 1196406 Bytes 28/04/2008 13:55:23
AEHELP.DLL : 8.1.0.14 115063 Bytes 28/04/2008 13:55:16
AEGEN.DLL : 8.1.0.18 299381 Bytes 28/04/2008 13:55:15
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 14:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 28/04/2008 13:55:13
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 16:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 09:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 16:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 07:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 07:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 16:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 16:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 11:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 13:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 11:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 28 avril 2008 20:57

The scan of running processes will be started
Scan process 'sidebar.exe' - '0' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'OSA.EXE' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ccleaner.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'Athan.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned
Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'QPService.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'asghost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
80 processes with 80 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP0154C293.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484625e2.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP102E2850.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484725e4.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP110AF5CA.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '4a298b55.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP116D11C8.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484725e5.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP1F2D6360.htm
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '4a298f26.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP23C50AE9.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484825e6.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP4834C6EC.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484a25e6.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP4F8DF8E6.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484a25e7.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP59FB0478.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484b25e7.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP5C207137.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '4a258b58.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP61D08F1C.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484c25e8.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP62D28871.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '4a228f29.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP6C0873A6.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484c25ea.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP6F7A2217.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484c25e9.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP7EEB69E9.htm
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484d25e9.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP848913D1.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '484e25e9.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\AP8C9A184C.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '4a208f2a.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\APA7083DAF.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '485725ea.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\APC9C9B3D0.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '485925ea.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\APCEE964C4.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '4a378f2b.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\APDE77BE5E.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '485a25eb.qua'!
C:\ProgramData\Symantec\SRTSP\Quarantine\APF124D728.HTML
[DETECTION] Contains detection pattern of the VBS script virus VBS/Redlof.N
[NOTE] The file was moved to '485c25eb.qua'!
Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: lundi 28 avril 2008 23:42
Used time: 2:45:59 min

The scan has been done completely.

16778 Scanning directories
429538 Files were scanned
22 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
22 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
429516 Files not concerned
2326 Archives were scanned
1 Warnings
22 Notes
********************************************************8

Je remerci toute personne aiyant la patience de lire ce message et la gentillesse de me donner de l'aide.
Merci a toi aussi DIID .....
A voir également:

21 réponses

  • 1
  • 2
Réponse 1 / 21
manu_dog Messages postés 536 Statut Membre 41
 
Commence par ceci

Télécharge BTFix 1.017 (de bibi26)
BTFix vous propose de détecter et de désinstaller les barres d'outils publicitaires, qui s'invitent souvent lors de l'installation d'applications. Ce programme vous permet d'éliminer facilement les toolbars indésirables telles que Zango, MyWebSearch, MySearch, WhenU, Spam Blocker Utility, EZshopper, Browser Accelerator et beaucoup d'autres.

http://cluster1.easy-hebergement.net/

RECHERCHE
* Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
* Ouvre le dossier "BTFix"
* Double clique sur "BTFix.exe"
* Clique sur "Rechercher"
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
NETTOYAGE
* Démarre l'ordinateur en MSE comme ceci http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 > ==> (Une fois le chargement du BIOS terminé, il y a un écran noir. Appuie sur la touche F8 ou F5, à répétition jusqu'à l'affichage du menu des options avancées de Windows. Ensuite, en utilisant les touches du curseur, sélectionne "mode sans échec" et appuie sur [Entrée]. Choisis ton compte usuel et non pas "Administrateur".)
* Ouvre "BTFix"
* Clique sur "Nettoyer" * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse

Poursuis avec cette analyse, STP:

Télécharge et installe Malwarebyte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Suivre ce tutoriel https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

A la fin du scan >>> clique sur « Afficher les résultats » >>> « Enregistrer le Rapport »
Suppression des éléments détectés >>>> clique sur « Supprimer la sélection »
S'il t'est demandé de redémarrer >>> clique sur "Yes"

Un rapport de scan s'ouvre, poste le rapport.

Merci
1
Réponse 2 / 21
aabdelbari Messages postés 26 Statut Membre 1
 
Salut manu_dog,
Je te remercie pour ta reponse.
Je ne sais plus quoi dire ?! toujours on me propose de nouveaux logiciels de detections et je ne sais pas lequel installer ?!
Ceux que tu as propose sont des sortes de logiciels d'anivirus et que font ils exactement.?!
Je te remercie pour tes explications,
J'attends une explication.
Amicalement,
0
manu_dog Messages postés 536 Statut Membre 41
 
c'est pas assez bien expliquer?
0
Réponse 3 / 21
aabdelbari Messages postés 26 Statut Membre 1
 
Re salut,
Manu_dog, j'ai bie saisi ton message et tres bien compris mais je suis confus, car on m'a propose d'autres logiciels et je suis confus.
Ce que j'ai demande c'est peu d'explication des roles des logiciels que tu m'as propose.
Je te remercie pour tout.
a bientot
0
manu_dog Messages postés 536 Statut Membre 41
 
sa va te donner des résultats que j'ai besoin de voir pour corriger ton problème
0
Réponse 4 / 21
aabdelbari Messages postés 26 Statut Membre 1
 
ok, merci , j'ai imprime ton message pour suivre les etape.
je vais telecharger le liens et plustard j'essayerai.
Merci pour tou mon amis
a bientot
0
manu_dog Messages postés 536 Statut Membre 41
 
ok
bonne aprem'
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 21
Utilisateur anonyme
 
Bonjour,
Commence par poster un rapport HijackThis stp,
>Télécharge HiJackThis : https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
- Lance Hijackthis, sélectionne < do a system scan and save a logfile >
- Enregistre le rapport sur ton bureau.
Et envoie stp, par collier/coller, ton log Hijackthis sur le forum,

;)

A+
0
Réponse 6 / 21
aabdelbari Messages postés 26 Statut Membre 1
 
Salut DIID et a tous,

Voici comme tu m'as conseille, le resultat du HIJack ScanJ'attendrai ta reponse DIID avec mes remerciements :

*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:56, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AABDEL~1\AppData\Local\Temp\byXQJCSm.dll,#1
O4 - HKCU\..\Run: [16802785] rundll32.exe "C:\Users\AABDEL~1\AppData\Local\Temp\anspthih.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM15b31419] Rundll32.exe "C:\Users\AABDEL~1\AppData\Local\Temp\gledsnik.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Utilisateur anonyme
 
Bonjour,
commence par faire ceci stp : http://www.commentcamarche.net/forum/affich 6205229 mon pc ne m appartient plus que faire#1

C'est exactement ça....
Pour BTFix je ne vois pas comment l'avoir prévu avant HJT. Chapeau (le profil :)) !

+1
0
Réponse 7 / 21
aabdelbari
 
Salut DIID,

comme tu m'as demande, j'ai suivie les etapes explique plus haut.

Voila le 2eme rapport de BTFix, excuse moi, j'ai oublie de te laisser une copie, mais sache qu'il a trouve 4 virus ,en MSE, et les a tous nettoyer .. :

************
BTFix 1.098 (par bibi26) - 02/05/2008 21:38:46 - Analyse
Lancé depuis C:\Users\aabdelbari\Desktop\BTFix\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

---> Analyse terminée le 02/05/2008 21:38:46
*************************

De meme avec Malwarebam ...

S'il y a d'autres instructions, j'attends ta reponse.

@+
0
Réponse 8 / 21
Utilisateur anonyme
 
Bonjour,

En fait BTFix n'a pas marché ! Il aurait du démasquer ta Dealio Toolbar.....

De toute façon ton HiJackT est loin d'être propre. Il reste pas mal de bébêtes...

Et il est où le rapport Malewarebytes ? Tu peux le poster stp ? (sinon refais le en MSE - voir plus bas).

Tu n'a pas non plus de pare feu....
> Installe un pare feu :
- Je te conseille Kerio : http://www.commentcamarche.net/telecharger/telecharger 206 kerio . Si problème, tuto : https://kerio.probb.fr/
- Si tu as des difficultés avec les configuration de Kerio, alors installe Zone Alarme : /telecharger/telecharger-157-zonealarm, en cas de problème : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/zonealarm-tutorial-sujet_169658_1.htm
- Installe le nouveau pare-feu, puis désactive le pare-feu windows.

Ensuite.
Pour le nettoyage :
> Les logiciels suivants (MalwareByte's Anti-Malware et Ccleaner) te seront utiles par la suite - ils sont à conserver...

> Télécharge MalwareByte's Anti-Malware :
- Installe le programme puis lance le stp.
NB : S'il te manque COMCTL32.OCX alors télécharge le ici
- Fais les mises à jour (clique sur "Mises à jour" puis "Recherche de mises à jour") puis ferme le programme.
NB : Si tu as besoin : Tuto

> Télécharge et installe Ccleaner :
- Fais les mises à jour puis ferme le programme.
Si besoin est tu trouveras des Tutoriaux : ici, ici et là.

> Télécharge Clean (de Malekal Morte) (différent de Ccleaner)

> Télécharge SDFix (de AndyManchesta) sur ton bureau :
- Double clique sur l'archive SDFix qui à été créé sur le Bureau et installe le programme (l'installation va créer un dossier (à la racine du disque dur par défaut) nommé SDFix. Ferme ensuite le programme.

> Commence par faire un copier/coller de ce poste (cette manip.): (conseillé)
Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" => "Programmes" =>"Accessoires" => "Bloc notes"),
puis fait un copier/coller de tout le contenu de la fenêtre de ce poste dans le fichier texte.
Sauvegarde le sur le bureau, tu pourras alors y avoir accès même déconnecté ou en mode sans échec.

> Démarre en mode sans échec : (image). Si problème : tuto ici

> Lance MalwareByte's Anti-Malware,
- Clique sur "Executer un examen complet" puis "Rechercher" et sélectionne tous tes disques durs => le scan débute....patiente...
- A la fin du scanne, clique sur "supprimer" (Si des éléments sont difficiles à supprimer, un message te demandera de redémarrer : clique sur "Oui" alors)
- Un rapport va être généré (le dernier après supression des infections) : sauvegarde le et poste le sur forum stp.

> Lance Ccleaner,
- Choisi l’onglet "Options" puis clique sur "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures" (tout doit être supprimé).
- Dans l'onglet "Nettoyeur" clique sur "Analyse".
- Une fois l'analyse terminée, clique sur "Lancer le Nettoyage".
- Dans l'onglet "registre" => Recherches des erreurs => Réparer les erreurs sélectionnées => enregistre une sauvegarde => corriger toutes erreurs sélectionnées => ok => fermer.
N.B : Si Ccleaner te propose d'enregistrer une sauvegarde, reponds oui et enregistre sous 'Bureau'
Recommence jusqu’à ce qu’il ne trouve plus rien (cela varie en général entre 1 et 4 fois).

> Pour Clean (encore en mode sans échec) :
- Double-clic sur clean.cmd
- Une fenêtre va apparaître, choisis l'option 2, suis les consignes et poste le rapport clean (Le rapport clean se trouve ici : C:\rapport_clean.txt)
NB : Si besoin : Tuto

> Pour SDFix (toujours en mode sans échec) :
- Vas dans c:/SDFix et double-clique sur RunThis.bat
- Appuie sur < Y > puis < Entrée >....Le nettoyage commence....patience...
- Le programme va te demander de relancer le PC, frappe une touche...
- Le nettoyage se termine...un rapport apparait...
-Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

> Relance ton PC en mode normal

> Relance Hijackthis :
Puis sélectionne < do a system scan and save a logfile >,

Et envoie moi, par collier/coller, ton log Hijackthis stp,

Bon courage,

:)

NB : N'oublie pas de poster TOUS les rapports stp ( MalwareByte's Anti-Malware, Clean (différent de Ccleaner - ne poste pas celui de Ccleaner), SDFix puis HiJAckT).

A+
0
Réponse 9 / 21
aabdelbari
 
Salut DIID,

voila les rapports :
Clean :
Script executed in Safe Mode
Rapport clean par Malekal_morte - http://www.malekal.com
Script executed in Safe Mode 04/05/2008 a 8:54:53,42

Microsoft Windows [Version 6.0.6000]

*** Suppression C:

*** Suppression C:\Windows\

*** Suppression C:\Windows\system32
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe
tentative de suppression de C:\Windows\system32\wininit.exe
Impossible de supprimer C:\Windows\system32\wininit.exe

*** Suppression C:\Program Files

*** Deletion of the registry keys successful..
*** End of the report !

*******************************
Rapport Malwares :
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 707

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 241653
Temps écoulé: 1 hour(s), 51 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

***************************
Rapport de BTFix :
BTFix 1.098 (par bibi26) - 04/05/2008 09:01:38 - Nettoyage - Mode sans échec
Lancé depuis C:\Users\aabdelbari\Desktop\Applications\Entretien\BTFix\BTFix\BTFix.exe

---> Fichiers/dossiers supprimés (Première passe)

- Fichiers temporaires effacés

---> Nettoyage terminé le 04/05/2008 09:01:42
*******************************
Rapport de Hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:56, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Athan\Athan.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\FlashGet\flashget.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Windows\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AABDEL~1\AppData\Local\Temp\byXQJCSm.dll,#1
O4 - HKCU\..\Run: [16802785] rundll32.exe "C:\Users\AABDEL~1\AppData\Local\Temp\anspthih.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM15b31419] Rundll32.exe "C:\Users\AABDEL~1\AppData\Local\Temp\gledsnik.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 10 / 21
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
salut ,a la demande de DllD ,je reprend la suite du post .

aabdelbari: je regarde ton log hijackthis en début de soirée et je te donnerais la suite de la démarche .
0
Réponse 11 / 21
aabdelbari
 
Salut JFKpresident et a tous,
Merci JFK, j'attends une suite.
A bientot.
0
Réponse 12 / 21
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
salut,

dans un premier temps ,tu as deux antivirus actifs donc risque de conflits et ralentissements du pc !!

désinstalle norton avec cet outil :http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
désactive Windows defender aussi et tu garde antivir actif .
il ne te faut qu'un seul antivirus et pare-feu sur ton pc !pour ce qui est des anti-spywares tu peux en avoir plusieurs ,pas de soucis .

Ensuite :

Télécharges ComboFix à partir d'un de ces liens :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
https://forospyware.com
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Et important, enregistre le sur le bureau.

Avant d'utiliser ComboFix :

? Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

? Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
la protection en temps réel de ton Antivirus et de tes Antispywares,
qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt,.
est automatiquement sauvegardé et rangé à C:\Combofix.txt)

? Réactive la protection en temps réel de ton Antivirus et de tes Antispywares,
avant de te reconnecter à internet.

? Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

pour ce qui est des outils que je te fait téléchargés ne t'inquiete pas on vire tout ca a la fin .
0
Réponse 13 / 21
aabdelbari
 
Salut JFKPresident,

Merci a toi pour ton aide,
voila comme tu m'as demande le rapport :

ComboFix 08-05-01.3 - aabdelbari 2008-05-06 17:31:24.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.241 [GMT 3:00]
Running from: C:\Users\aabdelbari\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\aabdelbari\AppData\Roaming\inst.exe
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 14:11 --------- d-----w C:\Users\aabdelbari\AppData\Roaming\Skype
2008-05-04 16:59 --------- d-----w C:\Program Files\directx
2008-05-04 16:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-03 20:07 --------- d-----w C:\Program Files\CCleaner
2008-05-01 18:09 --------- d-----w C:\Users\aabdelbari\AppData\Roaming\Malwarebytes
2008-05-01 18:05 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-01 18:05 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-01 17:36 --------- d-----w C:\Program Files\Trend Micro
2008-04-30 09:38 86,152 ----a-w C:\Users\aabdelbari\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-04-29 11:32 --------- d--h--w C:\ProgramData\{BD789F20-928D-4DE9-9595-8D150B6482B8}
2008-04-29 11:29 --------- d---a-w C:\ProgramData\TEMP
2008-04-28 13:53 --------- d-----w C:\ProgramData\Avira
2008-04-28 13:53 --------- d-----w C:\Program Files\Avira
2008-04-28 13:45 --------- d-----w C:\ProgramData\Symantec
2008-04-28 13:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-28 13:36 --------- d-----w C:\Program Files\Symantec
2008-04-28 11:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-04-28 11:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-28 10:52 691,545 ----a-w C:\Windows\unins000.exe
2008-04-26 18:26 --------- d-----w C:\ProgramData\Kodak
2008-04-26 18:23 --------- d-----w C:\Program Files\QuickTime
2008-04-26 18:21 --------- d-----w C:\ProgramData\Apple Computer
2008-04-26 18:16 --------- d-----w C:\Program Files\Kodak
2008-04-26 18:14 --------- d-----w C:\Program Files\Common Files\Kodak
2008-04-26 18:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-25 07:34 --------- d-----w C:\ProgramData\Roxio
2008-04-21 13:21 --------- d-----w C:\Program Files\Google
2008-04-21 10:33 --------- d-----w C:\Program Files\AnglaisFacile.com
2008-04-21 10:32 --------- d-----w C:\Users\aabdelbari\AppData\Roaming\ESTsoft
2008-04-21 10:32 --------- d-----w C:\Program Files\ESTsoft
2008-04-20 12:30 944,184 ----a-w C:\Windows\System32\winload.exe
2008-04-20 12:30 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-04-20 12:30 620,088 ----a-w C:\Windows\System32\ci.dll
2008-04-20 12:30 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-04-20 12:30 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-20 12:30 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-04-20 12:30 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-04-20 12:30 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-04-20 12:30 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-20 12:30 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-20 12:30 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-04-20 12:27 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-04-19 08:47 --------- d-----w C:\Program Files\Windows Mail
2008-04-19 08:04 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-04-19 08:04 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-04-19 08:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-04-19 08:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-04-19 08:00 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-04-19 08:00 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-04-19 08:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-04-19 08:00 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-19 08:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-04-19 08:00 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-04-19 07:57 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-19 07:57 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-19 07:55 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-19 07:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-19 07:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-19 07:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-19 00:06 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-04-19 00:06 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-04-19 00:04 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-04 20:14 --------- d-----w C:\Program Files\Dictionnaire
2007-09-29 09:42 47,360 ----a-w C:\Users\aabdelbari\AppData\Roaming\pcouffin.sys
2007-08-30 06:39 174 --sha-w C:\Program Files\desktop.ini
2007-08-17 15:25 0 ----a-w C:\Users\aabdelbari\AppData\Roaming\wklnhst.dat
2007-12-26 16:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-26 16:15 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-26 16:15 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-06 17:30 22 --sha-w C:\Windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:02 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 15:34 2159104 C:\Windows\System32\oobefldr.dll]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 15:35 125440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 02:15 221184]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-04-23 19:19 1189104]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 15:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-19 12:42 1006264]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 23:43 729088]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 18:38 4390912 C:\Windows\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 09:11 49152]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-02-16 12:08 172032]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 21:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 22:39 46704]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 22:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-11 01:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 22:12 17920]
"Athan"="C:\Program Files\Athan\Athan.exe" [2007-06-10 19:08 974848]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-19 20:59 185632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-18 10:19 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-18 10:18 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-18 10:18 133656]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 12:27:40 719664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-689571348-2675742143-476182123-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E1DB5F64-BEF0-49D4-A505-64EEE9CEE6E9}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{9A42A9F2-3C5E-4946-8D31-411B2A2CE275}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{7A5B57FD-32F4-482F-9E66-692A3ED35AA9}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{EF02AC7C-28ED-4562-BA7D-192457130E79}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{2B3A8913-D42A-4EFD-9849-0FEEA03E4D7A}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A75C0F17-33FE-4BB3-B113-CC14D9226C98}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{EE693781-14B1-490D-ADB5-30F7A5A5A5DC}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{9AA463A9-54B9-4C9F-BC6B-001AC6D006FA}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{24CF73AE-BF44-4266-8902-137B8EB5E965}"= Disabled:UDP:C:\Windows\System32\P2P Networking\P2P Networking.exe:P2P Networking
"{F7658866-7FDD-4278-8566-15BFE33A479C}"= Disabled:TCP:C:\Windows\System32\P2P Networking\P2P Networking.exe:P2P Networking
"{0F880E49-5D5E-44B3-8EEA-A2BA760E741A}"= UDP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{7C9C31BE-601D-4CCB-A0D7-99F7351D2B04}"= TCP:C:\Program Files\VoipCheapCom\VoipCheapCom.exe:VoipCheapCom
"{05A4430D-7C94-4EEA-ABE5-1BFEC60F1502}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{C0B19C18-5957-4C4D-9C69-204C4254B471}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{C766F811-5E4B-4CB3-8C34-43D6F17F104B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{3C0BCD64-538B-4B8F-81D9-0C1D245FBF93}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{3C615DB6-3256-4341-9218-56A68B1E75B9}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{9D795FBD-F263-4C4D-B2A3-5644012521B9}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{887DD74D-2B05-4E76-835A-0A37C19E7E23}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F91FD35F-260F-4189-B8FC-BE7C70BCD05E}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{DDABD300-C4EE-46B4-ABA2-B3B293BA0BAA}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{10CDC10A-FF7E-4E2A-AE60-8D431460DDEF}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImApp.exe:IncrediMail
"{237EF237-5A29-429D-AC00-AE4586BFB8D8}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{85B174E8-CD21-4D71-B0CC-F0DB481AE04C}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{63CC8A2A-BD6E-431E-9427-FF691A2B25C0}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"{8417F815-2D37-4FE1-9CB0-411EE17F3131}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
"TCP Query User{69E88E74-DDCA-4536-91F3-09927313F2B0}E:\\setup.exe"= UDP:E:\setup.exe:setup
"UDP Query User{F54A78E4-67B3-496C-AC2E-45EB5F2A8AC7}E:\\setup.exe"= TCP:E:\setup.exe:setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 10:30]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 13:45]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 13:45]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 13:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc

.
Contents of the 'Scheduled Tasks' folder
"2008-04-28 10:20:57 C:\Windows\Tasks\EasyShare Registration Task.job"
- C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.20.2.sxt _RegistrationOffer@16
"2008-05-06 14:50:07 C:\Windows\Tasks\User_Feed_Synchronization-{F7E47F5C-836F-42A0-B501-3B07459462C3}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 17:39:29
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

folder error: C:\Users\aabdelbari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\System32\lpremove.exe
C:\Windows\System32\RacAgent.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-06 17:53:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 14:52:45

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

225 --- E O F --- 2008-05-02 14:05:26

J'attends ta reponse,
Avec mes remerciements
0
Réponse 14 / 21
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
re,je vois encore des traces de symantec ,as tu bien désinstallé Norton ?

reposte moi un nouveau hijack STP .
0
Réponse 15 / 21
aabdelbari
 
Salut,
voila le rapport HIJAck
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:07, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\AABDEL~1\AppData\Local\Temp\byXQJCSm.dll,#1
O4 - HKCU\..\Run: [16802785] rundll32.exe "C:\Users\AABDEL~1\AppData\Local\Temp\anspthih.dll",b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BM15b31419] Rundll32.exe "C:\Users\AABDEL~1\AppData\Local\Temp\gledsnik.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 16 / 21
aabdelbari
 
J'ai oublie de te preciser que j'ai desinstalle Norton Antivirus avec la simple commande de desinstallation {Ajout supp Prog de windows}.
Comme tu l'as remarque il y reside quelques fichiers, alors que faire now ???
Merci a toi.
0
Réponse 17 / 21
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
salut,je t'avais mis le lien post#16 pour désinstaller Norton proprement :

désinstalle norton avec cet outil :http://service1.symantec.com/

reposte moi un hijackthis complet sur celui que tu m'as mis il manque les processus de démarrage ainsi que les programmes qui se lancent a l'ouverture de windows !
0
Réponse 18 / 21
aabdelbari
 
bonsoir JFK,
Je te remercie pour ta reponse, mais l'adresse est incomplete, je te prie de me la renvoyer,
Mille merci.
0
Réponse 19 / 21
jfkpresident Messages postés 13877 Statut Contributeur sécurité 1 175
 
re,

Je te remercie pour ta reponse, mais l'adresse est incomplete, je te prie de me la renvoyer, ==>>tu as juste a cliquer dessus !!

n'oubli pas de me renvoyer un log hijack complet .
0
Réponse 20 / 21
aabdelbari
 
Oui, c'est ce que j'ai fait mais elle ne s'ouvre pas ..????
0