Win32 tratHBO help please

Solved
kesseksa -  
ep44 Posts 7432 Status Contributor -
Hello,
Since yesterday I have been infected by the Win32 tratHBO virus (detected by Avast). I tried to get rid of it, but of course it's impossible; I saw on the internet that several people have the same problem and read some exchanges of solutions on the subject, it's complicated, isn't it?

I'm a real novice in this area (oh, I tried to download HijackThis, in case I needed it, but apparently I can't even download anything any more: when I download, I click on "save", but nothing happens... !!)

Can anyone help me?

I am running:
Windows XP
Firefox 2.0.0.14

33 replies

ep44 Posts 7432 Status Contributor 3
 
weeellll yes ;-)
0
kesseksa
 
Well, it finally let me restart (antivir), that took a while... anyway, the scan is running, in safe mode, I'm putting everything in quarantine,
I'll keep you posted
it's going to take a while, I think

(ah! what a hectic life we lead...)

@+
0
ep44 Posts 7432 Status Contributor 3
 
;-)))

@+
0
kesseksa
 
Hello,
Well, antivir scanned and found Vundo several times; I chose "quarantine all". At the end I restarted in normal mode, and once on the desktop I have nothing but the wallpaper and an antivir window flagging the Vundo virus. I click on quarantine, but no matter how much I click, it stays on the antivir window flagging Vundo; I click, it stays on the window....... in short, I have nothing else on screen.

So I went back to safe mode to copy antivir's scan report and send it to you from another computer.
Here it is:


Avira AntiVir Personal
Report file date: 2008-05-05 22:27

Scanning for 1252167 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Lagadec
Computer name: SNCH75000508

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-05-05 19:44:10
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-05-05 19:44:10
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-05-05 19:44:10
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-05-05 19:44:10
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 19:44:11
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 2008-05-05 19:44:11
ANTIVIR3.VDF : 7.0.4.1 2048 Bytes 2008-05-05 19:44:11
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-05-05 19:44:11
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 2008-05-05 19:44:11
AESCN.DLL : 8.1.0.15 119157 Bytes 2008-05-05 19:44:11
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-05 19:44:11
AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-05-05 19:44:11
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-05 19:44:11
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 2008-05-05 19:44:11
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-05 19:44:11
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-05-05 19:44:11
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-05-05 19:44:11
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-05-05 19:44:11
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-05-05 19:44:10
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-05-05 19:44:10
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-05-05 19:44:10
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-05-05 19:44:09
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-05-05 19:44:09
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-05-05 19:44:10
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-05-05 19:44:10
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-05-05 19:44:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-05-05 19:44:04
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-05-05 19:44:05

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, A:, D:, R:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-05-05 22:27

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
C:\WINDOWS\system32\ahyufjxe.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48986e44.qua'!
C:\WINDOWS\system32\wbiuagqi.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48886e3e.qua'!

The registry was scanned ( '48' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_SNCH75000508.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> WINDOWS/System32/fidaphiy.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488b6e67.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\TeknumUpdater16.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488a705a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F5D2A5A.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BA37B32.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000001.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '484f70cb.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000002.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000002.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '49c98c2c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000003.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '484f70cd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000004.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000004.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '484f70cc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000005.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000005.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '49c98c2e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000006.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000006.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '484f70cf.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000007.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000007.URM
[DETECTION] Is the Trojan horse TR/Swizzor.A
[NOTE] The file was moved to '484f70ce.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000009.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000009.URM
[DETECTION] Is the Trojan horse TR/Swizzor.A
[NOTE] The file was moved to '49c98c30.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000A.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000A.URM
[DETECTION] Is the Trojan horse TR/Swizzor.A
[NOTE] The file was moved to '484f70d1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000C.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000C.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '484f70d0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000D.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000D.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '49c98c32.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000E.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\0000000E.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '484f70d2.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000001.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70d9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000002.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000002.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70da.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000003.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c3b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000004.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000004.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70dc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000005.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000005.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70db.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000006.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000006.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c3c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000007.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000007.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c3d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000008.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000008.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70de.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000009.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000009.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70dd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000A.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000A.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c3e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000B.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000B.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70df.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000C.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000C.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c3f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000D.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000D.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70a0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000E.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000E.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c41.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000F.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\0000000F.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c00.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000010.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000010.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70e1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000011.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000011.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '484f70e0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000012.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000012.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c01.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000013.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{E51B8CBB-60D4-43F7-8D1C-59237D55B2F5}\00000013.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV
[NOTE] The file was moved to '49c98c02.qua'!
C:\Documents and Settings\Lagadec\Local Settings\Temporary Internet Files\Content.IE5\541C1A0M\idkfa[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488a7274.qua'!
C:\Documents and Settings\Lagadec\Local Settings\Temporary Internet Files\Content.IE5\HN70QCLJ\glas[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48807282.qua'!
C:\Documents and Settings\Lagadec\Local Settings\Temporary Internet Files\Content.IE5\XG3HGQPX\kriv[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '4888728b.qua'!
C:\System Volume Information\_restore{C563218A-304B-4932-87D0-324947F95954}\RP3\A0002533.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '484f991c.qua'!
C:\System Volume Information\_restore{C563218A-304B-4932-87D0-324947F95954}\RP4\A0003809.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '484f9938.qua'!
C:\System Volume Information\_restore{C563218A-304B-4932-87D0-324947F95954}\RP4\A0003810.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49cd4591.qua'!
C:\WINDOWS\system32\kayfyjco.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '4898a22e.qua'!
C:\WINDOWS\system32\npmwdtvj.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488ca26d.qua'!
C:\WINDOWS\system32\rqRJApMg.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'R:\'
Search path R:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: 2008-05-06 08:08
Used time: 9:40:26 min

The scan has been done completely.

10417 Scanning directories
427628 Files were scanned
43 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
43 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
427585 Files not concerned
8337 Archives were scanned
4 Warnings
43 Notes


So? What do we do?
Am I stuck for life?
0
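A way to triage a report like the one above, added here as an example (not code from the thread, from Avira, or from any tool mentioned in it): it parses the path / [DETECTION] / [NOTE] / [WARNING] layout of the report and sorts findings by where the file lives, so a responder can tell live components from copies that were already contained elsewhere. The sample lines are constructed, modelled on the report format above.

```python
"""Triage helper for an Avira AntiVir scan report (added example).

Report layout, as seen in the thread: a file path on its own line,
optionally followed by '[n] Archive type' / '-->' member lines, then one
or more [DETECTION] / [NOTE] / [WARNING] lines that refer to that path.
"""
import re
from collections import Counter

# Constructed sample, modelled on the report posted in the thread.
SAMPLE_REPORT = r"""
Starting to scan the registry.
C:\WINDOWS\system32\ahyufjxe.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48986e44.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F5D2A5A.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{AE51165C-7C7E-4BC6-BCA4-E3665D132FB2}\00000001.URM
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.CO
[NOTE] The file was moved to '484f70cb.qua'!
C:\System Volume Information\_restore{C563218A-304B-4932-87D0-324947F95954}\RP3\A0002533.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '484f991c.qua'!
C:\WINDOWS\system32\rqRJApMg.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the Trojan horse|Contains suspicious code) (\S+)")
QUARANTINE_RE = re.compile(r"^\[NOTE\] The file was moved to '([0-9a-f]+\.qua)'!")
WARNING_RE = re.compile(r"^\[WARNING\] (.+)$")


def parse_report(text):
    """Group DETECTION/NOTE/WARNING lines under the path they belong to.

    Members of an archive ('-->' lines) are attributed to the container
    path, which is the file the scanner actually quarantined.
    """
    findings = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if PATH_RE.match(line):
            current = {"path": line, "detections": [],
                       "quarantined": None, "warnings": []}
            findings.append(current)
        elif current is None:
            continue  # header lines before the first path
        elif m := DETECTION_RE.match(line):
            current["detections"].append(m.group(1))
        elif m := QUARANTINE_RE.match(line):
            current["quarantined"] = m.group(1)
        elif m := WARNING_RE.match(line):
            current["warnings"].append(m.group(1))
    # Paths that produced neither a detection nor a warning are noise.
    return [f for f in findings if f["detections"] or f["warnings"]]


def classify(path):
    """Bucket a path by what its presence means for the responder."""
    p = path.lower()
    if ("\\norton antivirus\\quarantine\\" in p
            or "\\spybot - search & destroy\\recovery\\" in p):
        return "already contained by another tool"
    if "\\system volume information\\_restore" in p:
        return "System Restore snapshot"
    if "\\temporary internet files\\" in p:
        return "browser cache (downloaded payload)"
    if "\\windows\\system32\\" in p:
        return "live component in system32"
    return "other"


def detections_by_location(findings):
    """Count only real detections, not 'could not be opened' warnings."""
    return Counter(classify(f["path"]) for f in findings if f["detections"])


def not_removed(findings):
    """Detections with no quarantine note: the file was still on disk
    when the scan ended (in the thread, that DLL later shows up as a
    no-name BHO in the HijackThis log)."""
    return [f["path"] for f in findings
            if f["detections"] and f["quarantined"] is None]


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for bucket, n in detections_by_location(found).items():
        print(f"{n:3d}  {bucket}")
    for path in not_removed(found):
        print("NOT REMOVED:", path)
```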
ep44 Posts 7432 Status Contributor 3
 
As for Symantec, throw it in the bin.

Download to the Desktop:
http://www.atribune.org/ccount/click.php?id=4

=> Double-click VundoFix.exe.
=> Click OK
=> Wait for VundoFix to restart
=> Click Scan for Vundo
=> The scan is fairly long; at the end
=> Click Remove Vundo
=> Then yes
=> The Desktop disappears for a moment while the files are deleted.
=> Shutdown message
=> click OK
=> Automatic restart
=> copy the report, which is in C:vundofix.txt

then
Download VirtumundoBeGone to your desktop:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=> double-click VirtumundoBeGone.exe
=> Follow the on-screen instructions
=> When the scan is finished, save the report.
=> Copy/paste it here

Also do a new HijackThis report.
@+
0
kesseksa
 
OK, I removed Symantec.

Then I do all the other steps in safe mode, we agree? (it's the only mode where I have control)
0
ep44 Posts 7432 Status Contributor 3
 
Given everything we removed, can you still not work in normal mode?

If not, OK for safe mode.
@+
0
kesseksa
 
Well, I restarted in normal mode, apparently I'll have control, the icons are appearing (but it is soooooo slow); antivir is still beeping, Spybot still flags the two registry changes.

I'm launching the scans.
0

ep44 Posts 7432 Status Contributor 3
 
OK, try running the scans.
0
kesseksa
 
VUNDO SCAN RESULT:


VundoFix V7.0.3

Scan started at 14:06:06 03/05/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.3

Scan started at 21:46:33 2008-05-06

Listing files found while scanning....

No infected files were found.


Beginning removal...


VIRTUMUNDO SCAN


[05/06/2008, 22:48:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Lagadec\Bureau\VirtumundoBeGone.exe" )
[05/06/2008, 22:48:36] - Detected System Information:
[05/06/2008, 22:48:36] - Windows Version: 5.1.2600, Service Pack 2
[05/06/2008, 22:48:36] - Current Username: Lagadec (Admin)
[05/06/2008, 22:48:36] - Windows is in NORMAL mode.
[05/06/2008, 22:48:36] - Searching for Browser Helper Objects:
[05/06/2008, 22:48:36] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/06/2008, 22:48:36] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/06/2008, 22:48:37] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/06/2008, 22:48:37] - BHO 4: {8CFCB57E-AEDB-4FB9-A58F-B6F91C97499B} ()
[05/06/2008, 22:48:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2008, 22:48:37] - Checking for HKLM\...\Winlogon\Notify\rqRJApMg
[05/06/2008, 22:48:37] - Key not found: HKLM\...\Winlogon\Notify\rqRJApMg, continuing.
[05/06/2008, 22:48:37] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[05/06/2008, 22:48:37] - BHO 6: {a8e75cfb-12a3-4096-a7cf-70ebd5eeb460} ()
[05/06/2008, 22:48:37] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/06/2008, 22:48:37] - Checking for HKLM\...\Winlogon\Notify\npmwdtvj
[05/06/2008, 22:48:37] - Key not found: HKLM\...\Winlogon\Notify\npmwdtvj, continuing.
[05/06/2008, 22:48:37] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/06/2008, 22:48:37] - BHO 8: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/06/2008, 22:48:37] - BHO 9: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[05/06/2008, 22:48:37] - Finished Searching Browser Helper Objects
[05/06/2008, 22:48:37] - Finishing up...
[05/06/2008, 22:48:37] - Nothing found! Exiting...


HIJACKTHIS RESULT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54, on 2008-05-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Lagadec\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Documents and Settings\Lagadec\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8CFCB57E-AEDB-4FB9-A58F-B6F91C97499B} - C:\WINDOWS\system32\rqRJApMg.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {064bee5d-be07-fc7a-6904-3a21bfc57e8a} - {a8e75cfb-12a3-4096-a7cf-70ebd5eeb460} - C:\WINDOWS\system32\npmwdtvj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [84f8b0be] rundll32.exe "C:\WINDOWS\system32\ahyufjxe.dll",b
O4 - HKLM\..\Run: [BM87cb8322] Rundll32.exe "C:\WINDOWS\system32\kayfyjco.dll",s
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Lagadec\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/v3/InstallGoaIT/Itpp/V2,0,1,6/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanParis.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/v3/InstallGoaIT/ChatAx/V4,0,5,4/npaxchat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0
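The HijackThis log above is what a helper reads by eye: the two `O4` entries that launch an eight-letter DLL from `system32` through `rundll32.exe` under a hex-looking value name, and the `O2` BHOs with no descriptive name, are the Vundo pattern the thread is chasing. As an added illustration (not part of the original thread, and not code from HijackThis or ComboFix), the Python below encodes a few of those same triage heuristics and runs them over a constructed sample made of seven lines copied from the log. The rule names, regexes and thresholds are my own choices for this page; they are heuristics for a reviewer, not malware signatures.

```python
import ntpath
import re

# Constructed sample input: seven lines copied from the HijackThis log posted
# above (the three Vundo-style DLL entries plus benign Java, Avira and ctfmon
# entries) so that the rules have both positives and negatives to work on.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8CFCB57E-AEDB-4FB9-A58F-B6F91C97499B} - C:\WINDOWS\system32\rqRJApMg.dll
O2 - BHO: {064bee5d-be07-fc7a-6904-3a21bfc57e8a} - {a8e75cfb-12a3-4096-a7cf-70ebd5eeb460} - C:\WINDOWS\system32\npmwdtvj.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [84f8b0be] rundll32.exe "C:\WINDOWS\system32\ahyufjxe.dll",b
O4 - HKLM\..\Run: [BM87cb8322] Rundll32.exe "C:\WINDOWS\system32\kayfyjco.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O4 lines for HKLM/HKCU: "O4 - <hive>\..\Run: [<value name>] <command line>"
# (HKUS\S-1-5-... lines are deliberately not matched by this simple form.)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.*)$")
# A BHO "name" that is itself a CLSID is as good as no name.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Heuristic (my assumption): Vundo-style droppers use 8 random letters + .dll.
RANDOM_DLL_RE = re.compile(r"^[A-Za-z]{8}\.dll$", re.IGNORECASE)
# Heuristic (my assumption): Run value names that are 8 hex digits, optionally
# with a one- or two-letter prefix, as in "84f8b0be" and "BM87cb8322" above.
HEX_VALUE_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")
# "rundll32.exe "<dll>",entry" or "rundll32 <dll>,entry"; captures the DLL path.
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


def _dll_reasons(path):
    """Reasons tied to the DLL path itself, however the DLL gets loaded."""
    reasons = []
    folder = ntpath.dirname(path).lower()   # ntpath: Windows separators on any host
    name = ntpath.basename(path)
    if folder.endswith("\\system32") and RANDOM_DLL_RE.match(name):
        reasons.append("eight-letter random-looking DLL name in system32")
    return reasons


def triage(log_text):
    """Return one finding per O2/O4 line that trips at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        m = O2_RE.match(line)
        if m:
            kind = "O2"
            path = m["path"]
            if path.endswith(" (file missing)"):
                path = path[: -len(" (file missing)")]
                reasons.append("dangling BHO entry (file missing)")
            if m["name"] == "(no name)" or CLSID_RE.match(m["name"]):
                reasons.append("BHO carries no descriptive name")
            reasons += _dll_reasons(path)
        else:
            m = O4_RE.match(line)
            if not m:
                continue            # not an O2/O4 line we understand; skip it
            kind = "O4"
            if HEX_VALUE_RE.match(m["value"]):
                reasons.append("hex-like Run value name")
            r = RUNDLL_RE.match(m["cmd"])
            if r:
                reasons += ["rundll32 loads an " + why for why in _dll_reasons(r["dll"])]
        if reasons:
            findings.append({"kind": kind, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["line"])
        for why in f["reasons"]:
            print("    -", why)
```

On the sample, the four Vundo-related lines are reported (rqRJApMg.dll, npmwdtvj.dll, ahyufjxe.dll and kayfyjco.dll) and the Java, Avira and ctfmon entries are left alone. A "dangling" BHO is reported separately from the random-name rule because a missing file is a cleanup item, not by itself evidence of infection; the Windows Live Toolbar entries further down the same log are dangling too and are benign.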
ep44 Posts 7432 Status Contributor 3
 
We'll get there.

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, nowhere else!
=> disconnect from the internet and close all your applications.
=> disable your protections (antivirus, firewall, antispyware)
=> Double-click combofix,
=> Don't touch anything until the scan has finished. Careful: don't use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the PC.
=> Wait for combofix to finish; a report will be created.
=> re-enable your firewall, your antivirus and your antispyware's guard
=> copy/paste the report C:\ComboFix.txt

@+
0
kesseksa
 
Hello,
well, I did the whole procedure as planned
combofix scanned
at the end the PC rebooted by itself, I logged into my session, combo prepared the report.
meanwhile two small windows appeared:

erreur de chargement - C:WINDOWS\System32\kayfyjo.dll - le module spécifié est introuvable
erreur de chargement - C:WINDOWS\System32\ahyufjxe.dll - le module spécifié est introuvable

(that's rather a good sign, isn't it?)

anyway, the combofix report is below:


ComboFix 08-05-01.3 - Lagadec 2008-05-07 18:06:46.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.424 [GMT 2:00]
Endroit: C:\Documents and Settings\Lagadec\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bvkfogam.ini
C:\WINDOWS\system32\exjfuyha.ini
C:\WINDOWS\system32\gMpAJRqr.ini
C:\WINDOWS\system32\gMpAJRqr.ini2
C:\WINDOWS\system32\kuvejuyd.ini
C:\WINDOWS\system32\rqRJApMg.dll
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\pac.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PERFORMANCE_MONITOR


((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
.

2008-05-06 21:38 . 2008-05-06 21:38 8 --a------ C:\WINDOWS\system32\84f8a230
2008-05-05 20:42 . 2008-05-05 20:42 <REP> d-------- C:\Program Files\Avira
2008-05-05 20:42 . 2008-05-05 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-04 21:23 . 2008-05-05 00:43 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-04 20:30 . 2008-05-04 20:30 <REP> d-------- C:\_OTMoveIt
2008-05-04 12:50 . 2008-05-04 12:50 <REP> d-------- C:\Deckard
2008-05-03 17:54 . 2008-05-03 17:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 17:51 . 2008-05-03 17:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-03 17:51 . 2008-05-03 17:51 2,554 --a------ C:\WINDOWS\unins000.dat
2008-05-03 14:06 . 2008-05-03 14:06 <REP> d-------- C:\VundoFix Backups
2008-05-03 12:21 . 2008-05-03 12:21 <REP> d-------- C:\Program Files\CCleaner
2008-05-03 12:19 . 2008-05-03 12:14 2,897,456 --a------ C:\Program Files\ccsetup207.exe
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Documents and Settings\Lagadec\Application Data\Malwarebytes
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 23:51 . 2008-05-02 18:59 <REP> d-------- C:\Program Files\Navilog1
2008-05-01 23:46 . 2008-05-01 23:49 <REP> d-------- C:\Program Files\ANTIVIRUS pour pb win32
2008-05-01 21:25 . 2008-05-01 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-04-27 07:43 . 2008-05-05 21:05 109,774 --a------ C:\WINDOWS\BM87cb8322.xml
2008-04-26 19:33 . 2008-04-26 19:33 <REP> d-------- C:\Temp\zvebs14
2008-04-26 17:35 . 2008-04-26 17:35 <REP> d-------- C:\Program Files\LimeWire
2008-04-26 17:35 . 2008-04-28 23:31 <REP> d-------- C:\Documents and Settings\Lagadec\Application Data\LimeWire
2008-04-26 17:33 . 2008-04-26 17:34 4,502,280 --a------ C:\Program Files\LimeWireWin.exe
2008-04-24 14:08 . 2008-04-26 19:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-24 14:08 . 2008-04-24 14:08 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 17:11 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-05-03 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 15:44 --------- d-----w C:\Documents and Settings\MATHIEU\Application Data\Skype
2008-04-27 14:33 --------- d-----w C:\Program Files\HandyBits
2008-03-24 18:04 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-23 21:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-23 21:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 21:42 --------- d-----w C:\Program Files\Windows Live
2008-03-23 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-21 21:15 --------- d-----w C:\Program Files\orange
2008-03-21 21:13 --------- d-----w C:\Program Files\Wanadoo
2008-03-21 21:13 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
2008-03-21 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 21:04 --------- d-----w C:\Program Files\SAGEM
2008-03-21 21:04 --------- d-----w C:\Documents and Settings\Lagadec\Application Data\InstallShield
2008-03-21 21:02 --------- d-----w C:\Program Files\Securitoo
2008-03-19 20:43 --------- d-----w C:\Program Files\Microsoft Games
2008-03-19 17:14 --------- d-----w C:\Program Files\Dofus
2008-03-08 12:54 --------- d-----w C:\Program Files\Java
2008-01-17 18:19 58,619,176 ----a-w C:\Program Files\iTunesSetup.exe
2007-11-23 19:26 706,008 ----a-w C:\Program Files\installer-1104-33-HandyBits-EasyCrypto-Deluxe-5-5-French.exe
2007-10-15 18:25 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
2007-10-14 19:11 20,256,064 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-10-03 20:40 1,163,592 ----a-w C:\Program Files\flash-player_flash_player_9.0.60.120_version_firefox_opera_mozilla_francais_21292.exe
2006-11-11 18:27 5,711,904 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-07-27 17:14 5,185,136 ----a-w C:\Program Files\Firefox Setup 1.5.0.5.exe
2006-02-04 12:43 5,239,328 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
2005-12-10 17:50 1,892,864 ----a-w C:\Program Files\ecSetup.exe
2005-12-10 17:10 5,240,608 ----a-w C:\Program Files\Firefox Setup 1.5.exe
2005-09-26 16:49 4,214,207 ----a-w C:\Documents and Settings\Lagadec\Scenarios-pack.exe
2005-04-12 16:53 1,147,380 ----a-w C:\Program Files\jean claude 1.exe
2005-04-12 16:49 22 ----a-w C:\Program Files\humour.net.zip
2005-04-08 16:45 5,910,927 ----a-w C:\Program Files\3dduke13.zip
2005-04-08 16:34 245 ----a-w C:\Program Files\clip brice de nice.wvx
2005-04-04 16:45 410,969 ----a-w C:\Program Files\EnterTheMatrix_setup.zip
2004-11-10 19:49 17 ----a-w C:\Program Files\stinger.opt
2004-08-25 19:34 466,624 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2004-08-24 16:18 61,952 ----a-w C:\Program Files\AntiMabutu-EN.exe
2004-08-24 16:17 816,135 ----a-w C:\Program Files\stinger.exe
2004-08-24 16:11 77 ----a-w C:\Program Files\antivbsvirus.reg
2004-07-29 17:05 2,150,574 ----a-w C:\Program Files\aaw6181.exe
2004-07-29 16:47 350,817 ----a-w C:\Program Files\aaw-lang-pack.exe
2005-04-12 17:14 56 --sh--r C:\WINDOWS\system32\9B7A27A4BD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8e75cfb-12a3-4096-a7cf-70ebd5eeb460}]
C:\WINDOWS\system32\npmwdtvj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
"AnumanLive"="C:\Documents and Settings\Lagadec\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-11-06 20:27 347136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 20:24 68856]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 20:19 57344]
"Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [1999-08-04 01:00 127040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 20:19 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2001-05-03 19:41 159744]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-31 16:32 53248]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-03-31 16:32 135168]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [ ]
"NvCplDaemon"="NvQTwk" []
"POINTER"="point32.exe" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 14:21 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-05 21:44 262401]
"84f8b0be"="C:\WINDOWS\system32\ahyufjxe.dll" [ ]
"BM87cb8322"="C:\WINDOWS\system32\kayfyjco.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"C:\\APPS\\PHOTOS\\Setup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 16:18]
R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2000-09-13 17:18]
R3 CVIAAUD;NEC VIA 3D Environmental Audio;C:\WINDOWS\system32\drivers\cviaaud.sys [2001-09-20 12:33]
R3 CVIAHALA;CVIAHALA;C:\WINDOWS\system32\drivers\cviahal.sys [2001-09-20 12:36]
S3 gel90xne;gel90xne;C:\DOCUME~1\Lagadec\LOCALS~1\Temp\gel90xne.sys []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 07:33]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-09-30 19:05]
S3 WLAN_USB; Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\wlanUSB.sys []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-07 18:25:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\APPS\ActivBoard\Traymon.exe
C:\APPS\ActivBoard\osd.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-07 18:36:12 - machine was rebooted [Lagadec]
ComboFix-quarantined-files.txt 2008-05-07 16:36:04

Pre-Run: 13,919,899,648 octets libres
Post-Run: 14,172,880,896 octets libres

211 --- E O F --- 2008-04-09 21:49:08


So, Herr Doctor???
0
ep44 Posts 7432 Status Contributor 3
 
select this

registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8e75cfb-12a3-4096-a7cf-70ebd5eeb460}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"=-

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not checked under Format.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file, like this:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
* Once the scan is done, a report will appear: post its contents.
* If the file doesn't open, it's located here > C:\ComboFix.txt

@+
0
kesseksa
 
OK, here's the ComboFix scan result


ComboFix 08-05-01.3 - Lagadec 2008-05-08 0:53:42.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.363 [GMT 2:00]
Endroit: C:\Documents and Settings\Lagadec\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lagadec\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-07 to 2008-05-07 ))))))))))))))))))))))))))))))))))))
.

2008-05-07 18:36 . 2008-05-07 18:36 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-05-07 18:36 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-05-07 18:36 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-05-06 21:38 . 2008-05-06 21:38 8 --a------ C:\WINDOWS\system32\84f8a230
2008-05-05 20:42 . 2008-05-05 20:42 <REP> d-------- C:\Program Files\Avira
2008-05-05 20:42 . 2008-05-05 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-04 21:23 . 2008-05-05 00:43 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-04 20:30 . 2008-05-04 20:30 <REP> d-------- C:\_OTMoveIt
2008-05-04 12:50 . 2008-05-04 12:50 <REP> d-------- C:\Deckard
2008-05-03 17:54 . 2008-05-03 17:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 17:51 . 2008-05-03 17:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-03 17:51 . 2008-05-03 17:51 2,554 --a------ C:\WINDOWS\unins000.dat
2008-05-03 14:06 . 2008-05-03 14:06 <REP> d-------- C:\VundoFix Backups
2008-05-03 12:21 . 2008-05-03 12:21 <REP> d-------- C:\Program Files\CCleaner
2008-05-03 12:19 . 2008-05-03 12:14 2,897,456 --a------ C:\Program Files\ccsetup207.exe
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Documents and Settings\Lagadec\Application Data\Malwarebytes
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 23:51 . 2008-05-02 18:59 <REP> d-------- C:\Program Files\Navilog1
2008-05-01 23:46 . 2008-05-01 23:49 <REP> d-------- C:\Program Files\ANTIVIRUS pour pb win32
2008-05-01 21:25 . 2008-05-01 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-04-27 07:43 . 2008-05-05 21:05 109,774 --a------ C:\WINDOWS\BM87cb8322.xml
2008-04-26 19:33 . 2008-04-26 19:33 <REP> d-------- C:\Temp\zvebs14
2008-04-26 17:35 . 2008-04-26 17:35 <REP> d-------- C:\Program Files\LimeWire
2008-04-26 17:35 . 2008-04-28 23:31 <REP> d-------- C:\Documents and Settings\Lagadec\Application Data\LimeWire
2008-04-26 17:33 . 2008-04-26 17:34 4,502,280 --a------ C:\Program Files\LimeWireWin.exe
2008-04-24 14:08 . 2008-04-26 19:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-24 14:08 . 2008-04-24 14:08 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 17:11 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-05-03 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 15:44 --------- d-----w C:\Documents and Settings\MATHIEU\Application Data\Skype
2008-04-27 14:33 --------- d-----w C:\Program Files\HandyBits
2008-03-24 18:04 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-23 21:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-23 21:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 21:42 --------- d-----w C:\Program Files\Windows Live
2008-03-23 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-21 21:15 --------- d-----w C:\Program Files\orange
2008-03-21 21:13 --------- d-----w C:\Program Files\Wanadoo
2008-03-21 21:13 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
2008-03-21 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 21:04 --------- d-----w C:\Program Files\SAGEM
2008-03-21 21:04 --------- d-----w C:\Documents and Settings\Lagadec\Application Data\InstallShield
2008-03-21 21:02 --------- d-----w C:\Program Files\Securitoo
2008-03-19 20:43 --------- d-----w C:\Program Files\Microsoft Games
2008-03-19 17:14 --------- d-----w C:\Program Files\Dofus
2008-03-08 12:54 --------- d-----w C:\Program Files\Java
2008-01-17 18:19 58,619,176 ----a-w C:\Program Files\iTunesSetup.exe
2007-11-23 19:26 706,008 ----a-w C:\Program Files\installer-1104-33-HandyBits-EasyCrypto-Deluxe-5-5-French.exe
2007-10-15 18:25 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
2007-10-14 19:11 20,256,064 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-10-03 20:40 1,163,592 ----a-w C:\Program Files\flash-player_flash_player_9.0.60.120_version_firefox_opera_mozilla_francais_21292.exe
2006-11-11 18:27 5,711,904 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-07-27 17:14 5,185,136 ----a-w C:\Program Files\Firefox Setup 1.5.0.5.exe
2006-02-04 12:43 5,239,328 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
2005-12-10 17:50 1,892,864 ----a-w C:\Program Files\ecSetup.exe
2005-12-10 17:10 5,240,608 ----a-w C:\Program Files\Firefox Setup 1.5.exe
2005-09-26 16:49 4,214,207 ----a-w C:\Documents and Settings\Lagadec\Scenarios-pack.exe
2005-04-12 16:53 1,147,380 ----a-w C:\Program Files\jean claude 1.exe
2005-04-12 16:49 22 ----a-w C:\Program Files\humour.net.zip
2005-04-08 16:45 5,910,927 ----a-w C:\Program Files\3dduke13.zip
2005-04-08 16:34 245 ----a-w C:\Program Files\clip brice de nice.wvx
2005-04-04 16:45 410,969 ----a-w C:\Program Files\EnterTheMatrix_setup.zip
2004-11-10 19:49 17 ----a-w C:\Program Files\stinger.opt
2004-08-25 19:34 466,624 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2004-08-24 16:18 61,952 ----a-w C:\Program Files\AntiMabutu-EN.exe
2004-08-24 16:17 816,135 ----a-w C:\Program Files\stinger.exe
2004-08-24 16:11 77 ----a-w C:\Program Files\antivbsvirus.reg
2004-07-29 17:05 2,150,574 ----a-w C:\Program Files\aaw6181.exe
2004-07-29 16:47 350,817 ----a-w C:\Program Files\aaw-lang-pack.exe
2005-04-12 17:14 56 --sh--r C:\WINDOWS\system32\9B7A27A4BD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_18.35.43.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 16:19:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-07 23:01:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
"AnumanLive"="C:\Documents and Settings\Lagadec\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-11-06 20:27 347136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 20:24 68856]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 20:19 57344]
"Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [1999-08-04 01:00 127040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 20:19 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2001-05-03 19:41 159744]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-31 16:32 53248]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-03-31 16:32 135168]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [ ]
"NvCplDaemon"="NvQTwk" []
"POINTER"="point32.exe" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 14:21 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-05 21:44 262401]
"84f8b0be"="C:\WINDOWS\system32\ahyufjxe.dll" [ ]
"BM87cb8322"="C:\WINDOWS\system32\kayfyjco.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"C:\\APPS\\PHOTOS\\Setup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 16:18]
R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2000-09-13 17:18]
R3 CVIAAUD;NEC VIA 3D Environmental Audio;C:\WINDOWS\system32\drivers\cviaaud.sys [2001-09-20 12:33]
R3 CVIAHALA;CVIAHALA;C:\WINDOWS\system32\drivers\cviahal.sys [2001-09-20 12:36]
S3 gel90xne;gel90xne;C:\DOCUME~1\Lagadec\LOCALS~1\Temp\gel90xne.sys []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 07:33]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-09-30 19:05]
S3 WLAN_USB; Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\wlanUSB.sys []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 01:04:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\orange\Launcher\Launcher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\APPS\ActivBoard\Traymon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\APPS\ActivBoard\osd.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\orange\Deskboard\Deskboard.exe
C:\Program Files\orange\Connectivity\ConnectivityManager.exe
C:\Program Files\orange\Connectivity\corecom\CoreCom.exe
C:\Program Files\orange\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
.
**************************************************************************
.
Completion time: 2008-05-08 1:16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-07 23:15:50
ComboFix2.txt 2008-05-07 16:36:13

Pre-Run: 14,244,020,224 bytes free
Post-Run: 14,228,127,744 bytes free

202 --- E O F --- 2008-04-09 21:49:08
0
ep44 Posts: 7432 Status: Contributor 3
 
Hello

Sorry, I let two slip through.
For this one, C:\Program Files\3dduke13.zip, do you recognise it?
If not, add it to the list under File::

Can you redo the procedure with

select this

registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"84f8b0be"=-
"BM87cb8322"=-

File::
C:\WINDOWS\system32\84f8a230
C:\WINDOWS\BM87cb8322.xml

* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Make sure Word Wrap is not ticked under Format.
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto ComboFix.exe, like this
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.
* Once the scan is done, a report will open: post its contents.
* If the file does not open, it is at C:\ComboFix.txt

@+
0
kesseksa
 
Hello ep44

No problem, procedure done, I'm attaching the report.

However, after the reboot, while the report was being prepared, Spybot detected "an important registry item modified - change: value deleted - item: 84f8b0be - old value: rundll32.exe C:\WINDOWS\System32\ahyufjxe.dll"

It asks me whether to accept or deny the change?? What do I say??? (given that apparently both values are things that are bugging us???)

Anyway, the report:


ComboFix 08-05-01.3 - Lagadec 2008-05-08 12:15:45.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.431 [GMT 2:00]
Location: C:\Documents and Settings\Lagadec\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lagadec\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\Program Files\3dduke13.zip
C:\WINDOWS\BM87cb8322.xml
C:\WINDOWS\system32\84f8a230
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3dduke13.zip
C:\WINDOWS\BM87cb8322.xml
C:\WINDOWS\system32\84f8a230

.
((((((((((((((((((((((((((((( Files Created from 2008-04-08 to 2008-05-08 ))))))))))))))))))))))))))))))))))))
.

2008-05-07 18:36 . 2008-05-07 18:36 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-05-07 18:36 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-05-07 18:36 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-05-05 20:42 . 2008-05-05 20:42 <REP> d-------- C:\Program Files\Avira
2008-05-05 20:42 . 2008-05-05 20:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-04 21:23 . 2008-05-05 00:43 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-04 20:30 . 2008-05-04 20:30 <REP> d-------- C:\_OTMoveIt
2008-05-04 12:50 . 2008-05-04 12:50 <REP> d-------- C:\Deckard
2008-05-03 17:54 . 2008-05-03 17:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-03 17:51 . 2008-05-03 17:44 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-03 17:51 . 2008-05-03 17:51 2,554 --a------ C:\WINDOWS\unins000.dat
2008-05-03 14:06 . 2008-05-03 14:06 <REP> d-------- C:\VundoFix Backups
2008-05-03 12:21 . 2008-05-03 12:21 <REP> d-------- C:\Program Files\CCleaner
2008-05-03 12:19 . 2008-05-03 12:14 2,897,456 --a------ C:\Program Files\ccsetup207.exe
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Documents and Settings\Lagadec\Application Data\Malwarebytes
2008-05-02 23:26 . 2008-05-02 23:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-01 23:51 . 2008-05-02 18:59 <REP> d-------- C:\Program Files\Navilog1
2008-05-01 23:46 . 2008-05-01 23:49 <REP> d-------- C:\Program Files\ANTIVIRUS pour pb win32
2008-05-01 21:25 . 2008-05-01 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-04-26 19:33 . 2008-04-26 19:33 <REP> d-------- C:\Temp\zvebs14
2008-04-26 17:35 . 2008-04-26 17:35 <REP> d-------- C:\Program Files\LimeWire
2008-04-26 17:35 . 2008-04-28 23:31 <REP> d-------- C:\Documents and Settings\Lagadec\Application Data\LimeWire
2008-04-26 17:33 . 2008-04-26 17:34 4,502,280 --a------ C:\Program Files\LimeWireWin.exe
2008-04-24 14:08 . 2008-04-26 19:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-24 14:08 . 2008-04-24 14:08 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 17:11 --------- d-s---w C:\Program Files\Fichiers communs\Teknum Systems
2008-05-03 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 15:44 --------- d-----w C:\Documents and Settings\MATHIEU\Application Data\Skype
2008-04-27 14:33 --------- d-----w C:\Program Files\HandyBits
2008-03-24 18:04 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-23 21:45 --------- d-----w C:\Program Files\MSN Messenger
2008-03-23 21:43 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-23 21:42 --------- d-----w C:\Program Files\Windows Live
2008-03-23 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-21 21:15 --------- d-----w C:\Program Files\orange
2008-03-21 21:13 --------- d-----w C:\Program Files\Wanadoo
2008-03-21 21:13 --------- d-----w C:\Program Files\Fichiers communs\France Telecom
2008-03-21 21:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-21 21:04 --------- d-----w C:\Program Files\SAGEM
2008-03-21 21:04 --------- d-----w C:\Documents and Settings\Lagadec\Application Data\InstallShield
2008-03-21 21:02 --------- d-----w C:\Program Files\Securitoo
2008-03-19 20:43 --------- d-----w C:\Program Files\Microsoft Games
2008-03-19 17:14 --------- d-----w C:\Program Files\Dofus
2008-03-08 12:54 --------- d-----w C:\Program Files\Java
2008-01-17 18:19 58,619,176 ----a-w C:\Program Files\iTunesSetup.exe
2007-11-23 19:26 706,008 ----a-w C:\Program Files\installer-1104-33-HandyBits-EasyCrypto-Deluxe-5-5-French.exe
2007-10-15 18:25 1,164,456 ----a-w C:\Program Files\install_flash_player.exe
2007-10-14 19:11 20,256,064 ----a-w C:\Program Files\QuickTimeInstaller.exe
2007-10-03 20:40 1,163,592 ----a-w C:\Program Files\flash-player_flash_player_9.0.60.120_version_firefox_opera_mozilla_francais_21292.exe
2006-11-11 18:27 5,711,904 ----a-w C:\Program Files\Firefox Setup 2.0.exe
2006-07-27 17:14 5,185,136 ----a-w C:\Program Files\Firefox Setup 1.5.0.5.exe
2006-02-04 12:43 5,239,328 ----a-w C:\Program Files\Firefox Setup 1.5.0.1.exe
2005-12-10 17:50 1,892,864 ----a-w C:\Program Files\ecSetup.exe
2005-12-10 17:10 5,240,608 ----a-w C:\Program Files\Firefox Setup 1.5.exe
2005-09-26 16:49 4,214,207 ----a-w C:\Documents and Settings\Lagadec\Scenarios-pack.exe
2005-04-12 16:53 1,147,380 ----a-w C:\Program Files\jean claude 1.exe
2005-04-12 16:49 22 ----a-w C:\Program Files\humour.net.zip
2005-04-08 16:34 245 ----a-w C:\Program Files\clip brice de nice.wvx
2005-04-04 16:45 410,969 ----a-w C:\Program Files\EnterTheMatrix_setup.zip
2004-11-10 19:49 17 ----a-w C:\Program Files\stinger.opt
2004-08-25 19:34 466,624 ----a-w C:\Program Files\GoogleToolbarInstaller.exe
2004-08-24 16:18 61,952 ----a-w C:\Program Files\AntiMabutu-EN.exe
2004-08-24 16:17 816,135 ----a-w C:\Program Files\stinger.exe
2004-08-24 16:11 77 ----a-w C:\Program Files\antivbsvirus.reg
2004-07-29 17:05 2,150,574 ----a-w C:\Program Files\aaw6181.exe
2004-07-29 16:47 350,817 ----a-w C:\Program Files\aaw-lang-pack.exe
2005-04-12 17:14 56 --sh--r C:\WINDOWS\system32\9B7A27A4BD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-07_18.35.43.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 16:19:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-08 10:23:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 19:05 143360]
"AnumanLive"="C:\Documents and Settings\Lagadec\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe" [2007-11-06 20:27 347136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 20:24 68856]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 20:19 57344]
"Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [1999-08-04 01:00 127040]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 20:10 102400]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 21:08 94208]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\LaunchApplication.exe" [ ]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 20:19 40960]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"ACTIVBOARD"="C:\Apps\ActivBoard\MMKeybd.exe" [2001-05-03 19:41 159744]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2005-03-31 16:32 53248]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2005-03-31 16:32 135168]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [ ]
"NvCplDaemon"="NvQTwk" []
"POINTER"="point32.exe" []
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"YeppStudioAgent"="C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe" [2005-09-12 14:21 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-05 21:44 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
"C:\\APPS\\PHOTOS\\Setup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-10-03 16:18]
R2 nhksrv;Netropa NHK Server;C:\Apps\ActivBoard\nhksrv.exe [2000-09-13 17:18]
R3 CVIAAUD;NEC VIA 3D Environmental Audio;C:\WINDOWS\system32\drivers\cviaaud.sys [2001-09-20 12:33]
R3 CVIAHALA;CVIAHALA;C:\WINDOWS\system32\drivers\cviahal.sys [2001-09-20 12:36]
S3 gel90xne;gel90xne;C:\DOCUME~1\Lagadec\LOCALS~1\Temp\gel90xne.sys []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2005-04-21 07:33]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys [2001-09-30 19:05]
S3 WLAN_USB; Wireless LAN USB Driver;C:\WINDOWS\system32\DRIVERS\wlanUSB.sys []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-08 12:29:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\APPS\ActivBoard\Traymon.exe
C:\APPS\ActivBoard\osd.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\orange\Deskboard\Deskboard.exe
C:\Program Files\orange\Connectivity\ConnectivityManager.exe
C:\Program Files\orange\Connectivity\corecom\CoreCom.exe
C:\Program Files\orange\Connectivity\corecom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-08 12:40:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-08 10:40:16
ComboFix2.txt 2008-05-07 23:16:02
ComboFix3.txt 2008-05-07 16:36:13

Pre-Run: 14,203,609,088 bytes free
Post-Run: 14,187,544,576 bytes free

208 --- E O F --- 2008-04-09 21:49:08


voili voilou
0
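The CFScript in the reply above deletes two Run values whose names (84f8b0be, BM87cb8322) and targets (randomly named DLLs under system32 that ComboFix lists with empty `[ ]` metadata) are the tell-tale shape of the Vundo persistence AntiVir had already flagged. As an added example, not part of this thread and not ComboFix's or HijackThis' own code, the Python below parses the Run-key section of a ComboFix log together with HijackThis O4 lines, scores each entry with the heuristics a helper applies by eye, and drafts the matching Registry::/File:: CFScript. The sample log is constructed from values in the logs posted above; the scoring weights, the thresholds, and the choice to list the loaded DLL under File:: (the helper's own script listed other leftover files) are this example's assumptions.

```python
"""Triage Run-key autostart entries from ComboFix / HijackThis logs and draft the
CFScript that removes the ones judged malicious. Added example for this thread, not
ComboFix's or HijackThis' own code; the scoring rules are this example's own
heuristics and SAMPLE_LOG is constructed from the values in the logs posted above."""
import re

HIVES = {"HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
         "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
CF_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")                                      # [HKEY_...\Run]
CF_VAL = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')  # "n"="cmd" [meta]
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Constructed sample: ComboFix lines first, then the HijackThis form of the 84f8b0be
# entry as Spybot's TeaTimer message showed it.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NAV Agent"="C:\PROGRA~1\NORTON~1\navapw32.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-05 21:44 262401]
"84f8b0be"="C:\WINDOWS\system32\ahyufjxe.dll" [ ]
"BM87cb8322"="C:\WINDOWS\system32\kayfyjco.dll" [ ]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [84f8b0be] rundll32.exe C:\WINDOWS\System32\ahyufjxe.dll
"""


def parse(log):
    """Yield (key, name, cmd, meta) per Run entry; meta is None for HijackThis lines."""
    key = None
    for line in (l.strip() for l in log.splitlines()):
        if m := CF_KEY.match(line):
            key = m.group("key")
        elif (m := CF_VAL.match(line)) and key and key.startswith("HKEY_"):
            yield key, m.group("name"), m.group("cmd"), m.group("meta").strip()
        elif m := HJT_O4.match(line):
            yield HIVES.get(m.group("hive"), m.group("hive")), m.group("name"), m.group("cmd"), None


def looks_random(name):
    """Names like 84f8b0be or BM87cb8322: up to two letters, then 8+ hex chars mixing digits and letters."""
    m = re.fullmatch(r"[A-Za-z]{0,2}([0-9a-fA-F]{8,})", name)
    return bool(m) and any(c.isdigit() for c in m.group(1)) and any(c.isalpha() for c in m.group(1))


def target_path(cmd, from_combofix):
    """File the entry runs: ComboFix prints it resolved; HijackThis needs rundll32/quotes unwrapped."""
    cmd = cmd.strip()
    if from_combofix:
        return cmd
    if m := re.match(r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>"[^"]+"|[^,\s]+)', cmd, re.IGNORECASE):
        return m.group("dll").strip('"')
    m = re.match(r'^"(?P<q>[^"]+)"|^(?P<u>\S+)', cmd)
    return (m.group("q") or m.group("u")) if m else cmd


def triage(log):
    """Score each entry: 3+ points 'suspect', 1-2 'review', 0 'ok'."""
    rows = []
    for key, name, cmd, meta in parse(log):
        path = target_path(cmd, meta is not None)
        hits = []
        if looks_random(name):
            hits.append((2, "random-looking value name"))
        if path.lower().endswith(".dll"):
            hits.append((1, "target is a DLL (rundll32-style load)"))
        if meta == "":
            hits.append((1, "ComboFix shows [ ]: file missing or unreadable"))
        total = sum(w for w, _ in hits)
        rows.append({"key": key, "name": name, "path": path, "reasons": [r for _, r in hits],
                     "verdict": "suspect" if total >= 3 else "review" if total else "ok"})
    return rows


def cfscript(rows):
    """Registry::/File:: script for the 'suspect' rows: "name"=- deletes the value (as in the
    thread); File:: lists its DLL, de-duplicated case-insensitively."""
    names, paths = {}, {}
    for r in (r for r in rows if r["verdict"] == "suspect"):
        if r["name"] not in names.setdefault(r["key"], []):
            names[r["key"]].append(r["name"])
        if "\\" in r["path"]:
            paths.setdefault(r["path"].lower(), r["path"])
    if not names:
        return ""
    out = ["Registry::"]
    for key in sorted(names):
        out += [f"[{key}]", *(f'"{n}"=-' for n in names[key])]
    out += ["", "File::", *sorted(paths.values())]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    rows = triage(SAMPLE_LOG)
    for r in rows:
        print(f'{r["verdict"]:8} {r["name"]:12} {r["path"]}  {"; ".join(r["reasons"])}')
    print(cfscript(rows))
```

Run as a script it prints one line per entry and then the draft script. Treat the output as a starting point only: a `review` verdict (the stale Norton entry with `[ ]`) is usually just an orphaned autostart, and anything marked `suspect` should still be checked against the file's timestamp and a second opinion before it goes into a CFScript, because ComboFix deletes whatever the script names.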
ep44 Posts: 7432 Status: Contributor 3
 
Do an online scan

with BitDefender and paste the report

https://www.bitdefender.com/toolbox/

The scan has to be run under Internet Explorer

A tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Then a new HijackThis log please
@+
0
kesseksa
 
Hi again
So here is the HijackThis log after the BitDefender scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:51, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Documents and Settings\Lagadec\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Lagadec\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnumanLive] C:\Documents and Settings\Lagadec\Application Data\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Documents and Settings\Morgane\Mes documents\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.fr/portail
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/v3/InstallGoaIT/Itpp/V2,0,1,6/npwwg.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanParis.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/v3/InstallGoaIT/ChatAx/V4,0,5,4/npaxchat.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
0
ep44 Posts: 7432 Status: Contributor 3
 
accept the change

then run HijackThis again and check these:

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanParis.exe
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/v3/InstallGoaIT/ChatAx/V4,0,5,4/npaxchat.cab
then click Fix checked

restart your PC and tell me whether you still have any problems
@+
0
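As an added illustration (not part of the thread, not one of the tools ep44 uses): a small Python triage script that parses HijackThis lines in the format shown above and flags two of the patterns the helper picked out here, dangling entries marked "(file missing)" / "(no file)" and O16 ActiveX downloads that point at something other than a .cab package. The sample lines are copied from the log in this thread; the two heuristics are assumptions for the example, not HijackThis logic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanParis.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")   # "O16 - <rest of line>"
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

@dataclass
class Entry:
    section: str          # HijackThis section code, e.g. O2, O16, O23
    clsid: Optional[str]  # first {GUID} on the line, if any
    target: str           # last " - "-separated field: file path or URL

def parse_line(line: str) -> Optional[Entry]:
    """Split one HijackThis line into section, CLSID and target; None if not a log entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    clsid = CLSID_RE.search(body)
    return Entry(section, clsid.group(0) if clsid else None, body.rsplit(" - ", 1)[-1])

def triage(entry: Entry) -> List[str]:
    """Heuristics assumed for this example: dangling entries and odd O16 downloads."""
    reasons = []
    if "(file missing)" in entry.target or entry.target.startswith("(no file)"):
        reasons.append("dangling reference: registry still points at a file that is gone")
    if entry.section == "O16" and not (entry.target.split() or [""])[0].lower().endswith(".cab"):
        reasons.append("O16 ActiveX download that is not a .cab package")
    return reasons

def triage_log(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every line that earned at least one reason to look closer."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            reasons = triage(entry)
            if reasons:
                flagged.append((entry, reasons))
    return flagged
```

Running `triage_log(SAMPLE_LOG)` flags the O2, O3 and carpediem O16 lines and leaves the Flash .cab and the NVIDIA service alone; the result is a shortlist to review by hand, not a verdict.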
kesseksa
 
I did the procedure
restart OK

So far everything looks normal!

Well, all I can say is: hats off - you're the best

Many thanks - for your skill - your patience

Nice

as for the downloaded programs, can I keep some of them, useful for "clean-ups" now and then?

CCleaner?
Malwarebytes?

(ones I could use safely ... without doing anything silly)

(combofix, virtumundo, vundofix, OTMoveIt, ATF-cleaner, dss, OAD, mbam, navilog1 ... I think I can remove those, right?)

thanks again
Kesseksa
0
ep44 Posts: 7432 Status: Contributor 3
 
glad your PC is running well

for Malwarebytes and CCleaner, yes, keep them on your PC

for the rest

Close all running applications, then download ToolsCleaner2 to your Desktop.
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

Double-click ToolsCleaner2.exe >
then Recherche (search)
and Suppression (delete)
Note: your desktop will disappear, that's normal. If it doesn't come back at the end of the scan, do the following:

CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"

Type explorer.exe and confirm. That will bring the Desktop back

then do this (IMPORTANT)

=Start
=Control Panel
=System
=System Restore tab
=tick the box (Turn off System Restore)
=restart the computer
=then turn it back on

Report your infection to get the authors convicted

If you were the victim of an infection and were helped by a site such as CommentCaMarche.net or another to get disinfected, then this paragraph is for you!

We invite you to post a message on the Malware-Complaints site to help move things forward; the more of you report your infection, the better our chances of seeing things change!

* See the forum rules
* After registering with the Register button at the top, choose your situation:
**If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
**If you are under 13, click: "I Agree to these terms and am under 13 years of age"
*You will then see a list with one topic per type of infection (Look2Me, Smitfraud, SpywareQuake etc.); all you have to do is add your voice!
*If the malware you were hit by is not in the list, or if you don't know what infected you, post a message in the Autres infections (Other infections) topic following the forum rules (age, town, département etc.)
*Also give the name of the forum that helped you get disinfected
0
kesseksa
 
OK, everything's running fine

Thanks again
0
ep44 Posts: 7432 Status: Contributor 3
 
bye ;-)
0
ep44 Posts: 7432 Status: Contributor 3
 
--
It's usually when the hard drive crashes that you realise you forgot to back it up.
0