Gros virus sur mon bureau (GIF)

Résolu
wizzone Messages postés 17 Statut Membre -  
 metin2 -
Bonjour,depuis quelques temps un virus a infecté mon ordi.Il c'est installé sur mon bureau en fond ecran et a pris la forme d'un gros GIF
qui change tous les jours.Sur ce GIF plein de petits "clik!" sont affichés (je n'ais pas cliqué dessu).Mais ce n'est pas tout!
les commandes pour changer mon fond ecran sont grisées et je ne peut pas y toucher.Je vais donc prendre une image quelconque et je fais "definir en tant que papier paint du bureau" mais rien n'y fait cet enorme GIF qui pompe un max de ram reste la.Je voudrais savoir si quelq'un a deja été confronté a se probleme et si il peut m'aider.
A voir également:

29 réponses

  • 1
  • 2
Réponse 1 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
salut,
Télécharges et instales le logiciel HijackThis :

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

1-Cliker sur le setup pour lancer l'instale . Laisses toi guider et instales le à l'endroit par défaut ( C\: programme file \ ) .
A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .

Important :
Renommer le prg HijackThis :
Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

tuto pour l’utiliser
regarde ici c'est parfaitement expliqué en images
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

2-!!Déconnectes toi et fermes toute tes applications en cours !!

Double clik sur le raccourci du bureau,
Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...
2
Réponse 2 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

!!Déconnectes toi,fermes toute tes applications et désactives tes défences ( anti-virus ,anti-spyware,...) le temps de la manipe !!

Installes le soft à la racine de C\ ( et pas ailleur! --->"C\:SmitfraudFix.exe" ) : double clique sur l'.exe pour le décompresser et lancer le fix.

Utilisation ----> option 1 - Recherche :
Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.

Postes le rapport ( rapport.txt qui se trouve sous C\: ) et attends la suite .

(Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

1
Réponse 3 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Suite de la manipe ( nettoyage ), fait exactement ce qui suit :

* Redémarrer l'ordinateur en mode sans échec .
Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

*Double click sur SmitfraudFix.exe

* Sélectionner 2 et presser Entrée dans le menu pour supprimer les fichiers responsables de l'infection.

* A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer
le fond d'écran et supprimer les clés de registre de l'infection.

* Le correctif déterminera si le fichier wininet.dll est infecté.

* A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée
pour remplacer le fichier corrompu.

* Un redemarrage sera peut être nécessaire pour terminer la procedure de nettoyage.

Le rapport se trouve à la racine de C\:
(dans le fichier rapport.txt)

postes moi ce dernier rapport accompagné d'un nouveau rapport hijackthis dans ton prochain message et attends les instructions ...

ps : n'oublis pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessus :)
1
Réponse 4 / 29
wizzone Messages postés 17 Statut Membre
 
Merci a toi d'avoir répondu aussi vite,voici mon rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:52:25, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\update.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
O15 - Trusted Zone: https://www.01net.com/
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: https://www.amazon.fr/
O15 - Trusted Zone: https://www.anarchy-online.com/
O15 - Trusted Zone: http://support.ati.com
O15 - Trusted Zone: https://www.avast.com/fr-fr/index
O15 - Trusted Zone: http://dl1.avgate.net
O15 - Trusted Zone: http://www.blacktears.fr.tp
O15 - Trusted Zone: http://new-synapse.board.tc
O15 - Trusted Zone: http://*.boodinet.fr
O15 - Trusted Zone: http://*.chickentofight.com
O15 - Trusted Zone: https://www.clubic.com/
O15 - Trusted Zone: https://www.commentcamarche.net/
O15 - Trusted Zone: http://www.dicodunet.com
O15 - Trusted Zone: http://www.dungeonrunners.com
O15 - Trusted Zone: http://www.fnac.fr
O15 - Trusted Zone: http://freetopia.free.fr
O15 - Trusted Zone: http://www.gamegoods.fr
O15 - Trusted Zone: https://www.gameim.com/
O15 - Trusted Zone: https://www.gamekult.com/
O15 - Trusted Zone: https://www.generation-nt.com/
O15 - Trusted Zone: http://www.goldsoon.com
O15 - Trusted Zone: https://translate.google.fr/
O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: http://katuzi.gotdns.com
O15 - Trusted Zone: http://www.katuzi.gotdns.com
O15 - Trusted Zone: https://www.guildwars.com/en/
O15 - Trusted Zone: http://www.guildwars4gold.fr
O15 - Trusted Zone: https://www.habbo.fr/
O15 - Trusted Zone: http://www.hot-tv.com
O15 - Trusted Zone: https://www.jeux.fr/
O15 - Trusted Zone: https://www.jeuxvideo.com/
O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
O15 - Trusted Zone: http://www.jeuxvideopc.com
O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
O15 - Trusted Zone: http://www.lagarde-guild.com
O15 - Trusted Zone: https://www.adaware.com/fr
O15 - Trusted Zone: https://www.luna-atra.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
O15 - Trusted Zone: http://*.millenium-serveur.fr
O15 - Trusted Zone: http://www.narutoxtra.com
O15 - Trusted Zone: http://worldofbattles.no-ip.biz
O15 - Trusted Zone: http://synapse-wow.no-ip.org
O15 - Trusted Zone: http://thetoxicworld.no-ip.org
O15 - Trusted Zone: https://us.norton.com/
O15 - Trusted Zone: http://monmatou.playmoa.com/
O15 - Trusted Zone: http://eu.plaync.com
O15 - Trusted Zone: http://fr.support.plaync.com
O15 - Trusted Zone: http://www.rezurection.org
O15 - Trusted Zone: http://www.selexium.fr
O15 - Trusted Zone: http://lune-sanglante.servegame.com
O15 - Trusted Zone: https://www.skyrock.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: http://ftp01net.telechargement.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
O15 - Trusted Zone: https://univers-oblivion.com/
O15 - Trusted Zone: http://www.uzinagaz.com
O15 - Trusted Zone: https://www.valvesoftware.com/en/
O15 - Trusted Zone: http://*.w-w-w-dot-com.com
O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
O15 - Trusted Zone: https://www.microsoft.com/fr-fr
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
O15 - Trusted Zone: http://hell.xooit.eu
O15 - Trusted Zone: http://thetoxicworld.xooit.fr
O15 - Trusted Zone: https://www.youtube.com/
O15 - Trusted IP range: http://91.121.122.177
O15 - Trusted IP range: http://91.121.114.161
O15 - Trusted IP range: http://192.168.0.8
O15 - Trusted IP range: http://209.85.135.104
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 29
wizzone Messages postés 17 Statut Membre
 
Voila le 2eme rapport:


SmitFraudFix v2.323

Rapport fait à 10:39:08,95, 31/05/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\update.exe
C:\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tristan


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tristan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tristan\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 80.10.246.1
DNS Server Search Order: 81.253.149.2

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 6 / 29
wizzone Messages postés 17 Statut Membre
 
Merci beaucoup ca fait plaisir ma je n'arriver toujours pas a changer mon fond ecran je ne peut changer que la couleur est-ce normal?


Sinon voici les 2 rapports:

N°1(smitfraud)


SmitFraudFix v2.323

Rapport fait à 10:55:53,67, 31/05/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

N°2(Hjacksthis)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:38, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
O15 - Trusted Zone: https://www.01net.com/
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: https://www.amazon.fr/
O15 - Trusted Zone: https://www.anarchy-online.com/
O15 - Trusted Zone: http://support.ati.com
O15 - Trusted Zone: https://www.avast.com/fr-fr/index
O15 - Trusted Zone: http://dl1.avgate.net
O15 - Trusted Zone: http://www.blacktears.fr.tp
O15 - Trusted Zone: http://new-synapse.board.tc
O15 - Trusted Zone: http://*.boodinet.fr
O15 - Trusted Zone: http://*.chickentofight.com
O15 - Trusted Zone: https://www.clubic.com/
O15 - Trusted Zone: https://www.commentcamarche.net/
O15 - Trusted Zone: http://www.dicodunet.com
O15 - Trusted Zone: http://www.dungeonrunners.com
O15 - Trusted Zone: http://www.fnac.fr
O15 - Trusted Zone: http://freetopia.free.fr
O15 - Trusted Zone: http://www.gamegoods.fr
O15 - Trusted Zone: https://www.gameim.com/
O15 - Trusted Zone: https://www.gamekult.com/
O15 - Trusted Zone: https://www.generation-nt.com/
O15 - Trusted Zone: http://www.goldsoon.com
O15 - Trusted Zone: https://translate.google.fr/
O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: http://katuzi.gotdns.com
O15 - Trusted Zone: http://www.katuzi.gotdns.com
O15 - Trusted Zone: https://www.guildwars.com/en/
O15 - Trusted Zone: http://www.guildwars4gold.fr
O15 - Trusted Zone: https://www.habbo.fr/
O15 - Trusted Zone: http://www.hot-tv.com
O15 - Trusted Zone: https://www.jeux.fr/
O15 - Trusted Zone: https://www.jeuxvideo.com/
O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
O15 - Trusted Zone: http://www.jeuxvideopc.com
O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
O15 - Trusted Zone: http://www.lagarde-guild.com
O15 - Trusted Zone: https://www.adaware.com/fr
O15 - Trusted Zone: https://www.luna-atra.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
O15 - Trusted Zone: http://*.millenium-serveur.fr
O15 - Trusted Zone: http://www.narutoxtra.com
O15 - Trusted Zone: http://worldofbattles.no-ip.biz
O15 - Trusted Zone: http://synapse-wow.no-ip.org
O15 - Trusted Zone: http://thetoxicworld.no-ip.org
O15 - Trusted Zone: https://us.norton.com/
O15 - Trusted Zone: http://monmatou.playmoa.com/
O15 - Trusted Zone: http://eu.plaync.com
O15 - Trusted Zone: http://fr.support.plaync.com
O15 - Trusted Zone: http://www.rezurection.org
O15 - Trusted Zone: http://www.selexium.fr
O15 - Trusted Zone: http://lune-sanglante.servegame.com
O15 - Trusted Zone: https://www.skyrock.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: http://ftp01net.telechargement.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
O15 - Trusted Zone: https://univers-oblivion.com/
O15 - Trusted Zone: http://www.uzinagaz.com
O15 - Trusted Zone: https://www.valvesoftware.com/en/
O15 - Trusted Zone: http://*.w-w-w-dot-com.com
O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
O15 - Trusted Zone: https://www.microsoft.com/fr-fr
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
O15 - Trusted Zone: http://hell.xooit.eu
O15 - Trusted Zone: http://thetoxicworld.xooit.fr
O15 - Trusted Zone: https://www.youtube.com/
O15 - Trusted IP range: http://91.121.122.177
O15 - Trusted IP range: http://91.121.114.161
O15 - Trusted IP range: http://192.168.0.8
O15 - Trusted IP range: http://209.85.135.104
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
0
Réponse 7 / 29
wizzone Messages postés 17 Statut Membre
 
J'ai oublié le + important ca a marché ^^
0
Réponse 8 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
avant de poursuivre : tu as 2 antivirus et c'est 1 de trop !!!
---> ralentissement du système,plantages et grosse faille de sécurité ...

Désinstales correctement avast avec ce-ci :
https://www.avast.com/fr-fr/uninstall-utility
Deconnectes toi .
---> tu désactives la protection résidente d'avast ,et tu lances le petit prg de désinstale .

prévient moi une foi cela fait ...
0
Réponse 9 / 29
wizzone Messages postés 17 Statut Membre
 
Voili avast est desinstaller peut m'aider afin que je puisse a nouveaux mettre des fonds d'ecran et que le menu ne soit plus grisé?
0
Réponse 10 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
... la forme d'un gros GIF il a disparu ?
0
Réponse 11 / 29
wizzone Messages postés 17 Statut Membre
 
Oui mais je ne peut toujour pas mettre de fond ecran
0
Réponse 12 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
tu es peut-être encore infecté ...

Fais ce-ci :
souligne>Télécharges MalwareByte's </souligne>:
ftp://ftp.commentcamarche.com/download/mbam-setup.exe

un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3

Instales le ( choisis bien "francais" ; ne modifies pas les parramètres d'instale ) et mets le à jour .

Puis redémarres en mode sans échec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)

Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan ) et supprimes tout ce qu'il peut trouver :
--->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les ojbets infectés soient validés, puis click sur " supression " .

Redémarres ton PC ( mode normal ).

Postes le rapport sauvegardé après la supression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal celui-ci ) ...
0
Réponse 13 / 29
wizzone Messages postés 17 Statut Membre
 
OKI je fais ca tout de suite encore merci
0
Réponse 14 / 29
wizzone Messages postés 17 Statut Membre
 
J'ai été un peut long mais voici les 2 rapports malwarebytes m'a trouvé 72 fichiers infectés que j'ai detrui.

Rapport n°1:malwarebytes:

Malwarebytes' Anti-Malware 1.14
Version de la base de données: 807

13:13:34 31/05/2008
mbam-log-5-31-2008 (13-13-34).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 89857
Temps écoulé: 21 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 26
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 35

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ucookw (Rogue.Errclean) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\temp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB} (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Temporary\rapport.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\Thumbs.db (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Program Files\winvi\temp\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

Rapport n°2:hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:50, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
O15 - Trusted Zone: https://www.01net.com/
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: https://www.amazon.fr/
O15 - Trusted Zone: https://www.anarchy-online.com/
O15 - Trusted Zone: http://support.ati.com
O15 - Trusted Zone: https://www.avast.com/fr-fr/index
O15 - Trusted Zone: http://dl1.avgate.net
O15 - Trusted Zone: http://www.blacktears.fr.tp
O15 - Trusted Zone: http://new-synapse.board.tc
O15 - Trusted Zone: http://*.boodinet.fr
O15 - Trusted Zone: http://*.chickentofight.com
O15 - Trusted Zone: https://www.clubic.com/
O15 - Trusted Zone: https://www.commentcamarche.net/
O15 - Trusted Zone: http://www.dicodunet.com
O15 - Trusted Zone: http://www.dungeonrunners.com
O15 - Trusted Zone: http://www.fnac.fr
O15 - Trusted Zone: http://freetopia.free.fr
O15 - Trusted Zone: http://www.gamegoods.fr
O15 - Trusted Zone: https://www.gameim.com/
O15 - Trusted Zone: https://www.gamekult.com/
O15 - Trusted Zone: https://www.generation-nt.com/
O15 - Trusted Zone: http://www.goldsoon.com
O15 - Trusted Zone: https://translate.google.fr/
O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: http://katuzi.gotdns.com
O15 - Trusted Zone: http://www.katuzi.gotdns.com
O15 - Trusted Zone: https://www.guildwars.com/en/
O15 - Trusted Zone: http://www.guildwars4gold.fr
O15 - Trusted Zone: https://www.habbo.fr/
O15 - Trusted Zone: http://www.hot-tv.com
O15 - Trusted Zone: https://www.jeux.fr/
O15 - Trusted Zone: https://www.jeuxvideo.com/
O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
O15 - Trusted Zone: http://www.jeuxvideopc.com
O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
O15 - Trusted Zone: http://www.lagarde-guild.com
O15 - Trusted Zone: https://www.adaware.com/fr
O15 - Trusted Zone: https://www.luna-atra.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
O15 - Trusted Zone: http://*.millenium-serveur.fr
O15 - Trusted Zone: http://www.narutoxtra.com
O15 - Trusted Zone: http://worldofbattles.no-ip.biz
O15 - Trusted Zone: http://synapse-wow.no-ip.org
O15 - Trusted Zone: http://thetoxicworld.no-ip.org
O15 - Trusted Zone: https://us.norton.com/
O15 - Trusted Zone: http://monmatou.playmoa.com/
O15 - Trusted Zone: http://eu.plaync.com
O15 - Trusted Zone: http://fr.support.plaync.com
O15 - Trusted Zone: http://www.rezurection.org
O15 - Trusted Zone: http://www.selexium.fr
O15 - Trusted Zone: http://lune-sanglante.servegame.com
O15 - Trusted Zone: https://www.skyrock.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: http://ftp01net.telechargement.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
O15 - Trusted Zone: https://univers-oblivion.com/
O15 - Trusted Zone: http://www.uzinagaz.com
O15 - Trusted Zone: https://www.valvesoftware.com/en/
O15 - Trusted Zone: http://*.w-w-w-dot-com.com
O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
O15 - Trusted Zone: https://www.microsoft.com/fr-fr
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
O15 - Trusted Zone: http://hell.xooit.eu
O15 - Trusted Zone: http://thetoxicworld.xooit.fr
O15 - Trusted Zone: https://www.youtube.com/
O15 - Trusted IP range: http://91.121.122.177
O15 - Trusted IP range: http://91.121.114.161
O15 - Trusted IP range: http://192.168.0.8
O15 - Trusted IP range: http://209.85.135.104
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
0
Réponse 15 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
bien Malwarebytes a fais un bon nettoyage ^^

on continue :
Téléchargez ceci (de gchris) : http://gchrisftp.free.fr/divers/Ad-Fix/Ad-Fix.zip

Dézippez-le sur votre bureau (clic droit -> extraire tout).

Important : vérifiez que vous êtes bien connecté à internet.

Dans le dossier créé, double-cliquez sur le fichier "Ad-Fix.bat" ou "Ad-fix"
Choisissez l'option 1.

Si vous avez un message de votre pare-feu qui vous demande si vous voulez autoriser le fichier URL2FILE.EXE à
se connecter à Internet ---> autorisez, c'est nécessaire à ad-fix pour vérifier la version.

Quand c'est finit (cela peut prendre plusieurs minutes), un rapport s'ouvre avec le bloc-notes.
Merci de faire un copier/coller ici du contenu du rapport (Ad-Fix.txt) .
0
Réponse 16 / 29
wizzone Messages postés 17 Statut Membre
 
Voila le rapport:



Ad-Fix v0.101e
by gchris


OPTION 1 (Scan) :

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Démarré à :

19:30:06,89 31/05/2008


Executé depuis :

C:\Documents and Settings\Tristan\Bureau\Ad-Fix\Ad-Fix


Os :

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Recherche de fichier manquant


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Recherche de fichiers cachés (pas forcément mauvais)


Fichiers cachés à la racine du disque système :

BOOT.BAK
boot.ini
Bootfont.bin
IO.SYS
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm

Fichiers cachés dans le répertoire Windows :

WindowsShell.Manifest
winnt.bmp
winnt256.bmp

Fichiers cachés dans le répertoire System32 :

cdplayer.exe.manifest
cirwsple.ini
dxvdugqj.ini
gnibqhqe.ini
guajthst.ini
ikfywofi.ini
jalngbvo.ini
jatxfwso.ini
jmckenyx.ini
ldasclsm.ini
logonui.exe.manifest
mjbjqent.ini
ncpa.cpl.manifest
nwc.cpl.manifest
qilkyosl.ini
rkmpqton.ini
rrhnhssx.ini
sapi.cpl.manifest
szabczuh.dllbox
tmnlomjj.ini
tstwa.ini
tstwa.ini2
uejlxuqj.ini
ujxbnojp.ini
WindowsLogon.manifest
wuaucpl.cpl.manifest
xbadd.ini
xbadd.ini2
yoqnyqng.ini

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Analyse du registre


---------- USER AGENT -- POST PLATFORM

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SIMBAR={F00708E4-5D14-4454-84EB-85C6975A0E08}"=""

----------

---------- AppInit_DLLs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

----------


Complete!

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Recherche de fichiers et dossiers


C:\WINDOWS\Downloaded Program Files\CONFLICT.? Détecté !
C:\WINDOWS\Downloaded Program Files\CONFLICT.?? Détecté !
C:\WINDOWS\unvise32qt.exe Détecté !

C:\Progra~1\WinPcap Détecté !



»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0
Réponse 17 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
la suite :

Nettoyage Ad-fix :
Démarrer en mode sans échec :
Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)

--->Lancez de nouveau Ad-fix

Choisissez l'option 2
(Le bureau ou les icônes vont disparaître, c'est normal.)
Quand c'est terminé, pressez la touche "entrée" pour redémarrer l'ordinateur.

Copiez collez ici, le contenu du nouveau rapport générer (le sauvegarder de façon à le retrouver), accompagné d'un nouveau rapport hijackthis ( celui-ci fais en mode normal ) pour analyse ...
0
Réponse 18 / 29
wizzone Messages postés 17 Statut Membre
 
Voila les deux rapports



Ad-Fix v0.101e
by gchris


OPTION 2 (Fix) :

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Démarré à :

11:07:44,35 01/06/2008
en mode sans échec


Executé depuis :

C:\Documents and Settings\Tristan\Bureau\Ad-Fix\Ad-Fix


Os :

Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Recherche de fichier manquant


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Nettoyage du registre



»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Suppression des fichiers

C:\WINDOWS\unvise32qt.exe Supprimé !
C:\Progra~1\WinPcap Supprimé !
Echec suppression : C:\WINDOWS\Downloaded Program Files\CONFLICT.?
Echec suppression : C:\WINDOWS\Downloaded Program Files\CONFLICT.??

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Terminé à 11:15:16,50


Redémarrage effectué

C:\WINDOWS\Downloaded Program Files\CONFLICT.? Suppression au démarrage echouée !
C:\WINDOWS\Downloaded Program Files\CONFLICT.?? Suppression au démarrage echouée !



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:25, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\hdsp32.exe
C:\WINDOWS\system32\hdspmix.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
C:\WINDOWS\system32\fireface.exe
C:\WINDOWS\system32\firefacemix.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Razer\Krait\razertra.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\Monjack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
O15 - Trusted Zone: https://www.01net.com/
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: https://www.amazon.fr/
O15 - Trusted Zone: https://www.anarchy-online.com/
O15 - Trusted Zone: http://support.ati.com
O15 - Trusted Zone: https://www.avast.com/fr-fr/index
O15 - Trusted Zone: http://dl1.avgate.net
O15 - Trusted Zone: http://www.blacktears.fr.tp
O15 - Trusted Zone: http://new-synapse.board.tc
O15 - Trusted Zone: http://*.boodinet.fr
O15 - Trusted Zone: http://*.chickentofight.com
O15 - Trusted Zone: https://www.clubic.com/
O15 - Trusted Zone: https://www.commentcamarche.net/
O15 - Trusted Zone: http://www.dicodunet.com
O15 - Trusted Zone: http://www.dungeonrunners.com
O15 - Trusted Zone: https://www.ebay.fr/n/all-categories/?_rdc=1
O15 - Trusted Zone: http://jeux-video.fnac.com
O15 - Trusted Zone: http://www.fnac.fr
O15 - Trusted Zone: http://freetopia.free.fr
O15 - Trusted Zone: http://www.gamegoods.fr
O15 - Trusted Zone: https://www.gameim.com/
O15 - Trusted Zone: https://www.gamekult.com/
O15 - Trusted Zone: https://www.generation-nt.com/
O15 - Trusted Zone: http://www.goldsoon.com
O15 - Trusted Zone: https://translate.google.fr/
O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: http://katuzi.gotdns.com
O15 - Trusted Zone: http://www.katuzi.gotdns.com
O15 - Trusted Zone: https://www.guildwars.com/en/
O15 - Trusted Zone: http://www.guildwars4gold.fr
O15 - Trusted Zone: https://www.habbo.fr/
O15 - Trusted Zone: http://www.hot-tv.com
O15 - Trusted Zone: https://www.jeux.fr/
O15 - Trusted Zone: https://www.jeuxvideo.com/
O15 - Trusted Zone: http://www.jeuxvideo.fr
O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
O15 - Trusted Zone: http://www.jeuxvideopc.com
O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
O15 - Trusted Zone: http://www.lagarde-guild.com
O15 - Trusted Zone: https://www.adaware.com/fr
O15 - Trusted Zone: https://www.luna-atra.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
O15 - Trusted Zone: http://*.millenium-serveur.fr
O15 - Trusted Zone: http://www.narutoxtra.com
O15 - Trusted Zone: http://worldofbattles.no-ip.biz
O15 - Trusted Zone: http://synapse-wow.no-ip.org
O15 - Trusted Zone: http://thetoxicworld.no-ip.org
O15 - Trusted Zone: https://us.norton.com/
O15 - Trusted Zone: http://monmatou.playmoa.com/
O15 - Trusted Zone: http://eu.plaync.com
O15 - Trusted Zone: http://fr.support.plaync.com
O15 - Trusted Zone: http://www.rezurection.org
O15 - Trusted Zone: http://www.selexium.fr
O15 - Trusted Zone: http://lune-sanglante.servegame.com
O15 - Trusted Zone: https://www.skyrock.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: https://store.steampowered.com/
O15 - Trusted Zone: http://ftp01net.telechargement.fr
O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
O15 - Trusted Zone: https://univers-oblivion.com/
O15 - Trusted Zone: http://www.uzinagaz.com
O15 - Trusted Zone: https://www.valvesoftware.com/en/
O15 - Trusted Zone: http://*.w-w-w-dot-com.com
O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
O15 - Trusted Zone: https://www.microsoft.com/fr-fr
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
O15 - Trusted Zone: http://hell.xooit.eu
O15 - Trusted Zone: http://thetoxicworld.xooit.fr
O15 - Trusted Zone: https://www.youtube.com/
O15 - Trusted IP range: http://91.121.122.177
O15 - Trusted IP range: http://91.121.114.161
O15 - Trusted IP range: http://192.168.0.8
O15 - Trusted IP range: http://209.85.135.104
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
0
Réponse 19 / 29
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
salut,

fais ce-ci :
Télécharges SDFix sur ton bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

--->Double clique sur SDFix.exe et choisis "Install" .

Puis une fois l'instale faite ,redémarre en mode sans échec .
Comment aller en Mode sans échec :
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
--->Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
0
un passant mdr
 
j'ai eu le meme pb et jme suis pas fait ch**r a chercher, j'ai reformaté mon ordi mdr

le logiciel: tu l'as dl sur le site officiel du créateur ou par un distributeur bizarre que personne ne connait? (comme moi X) )




(ps:quand tu poste des rapports comme ceux la, pense a retirer les adresses web des sites pornos XÐ)
0
Réponse 20 / 29
wizzone Messages postés 17 Statut Membre
 
Voila les 2 rapports,merci a toi je peut de nouveau mettre un fond ecran je te remmercie beaucoup d'avoir pris tant de temps a m'aider merci vraiment c fait plaisir


[b]SDFix: Version 1.187 [/b]
Run by Tristan on 01/06/2008 at 11:48

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found




Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder C:\Program Files\drmupgds - Removed
Folder C:\VirusEffaceur - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 12:01:34
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 26 Oct 2005 212 A.SHR --- "C:\BOOT.BAK"
Thu 14 Feb 2008 20,670 ..SH. --- "C:\WINDOWS\system32\szabczuh.dllbox"
Fri 25 Jun 2004 12,431,945 A..H. --- "C:\Program Files\Bodom-Child - RaBBi\RGSS\Standard\Graphics.exe"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0926b9470c9af53c207eadf0bf3934da\BIT58.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT11.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\674feb019fefe92af9d3a2ceaaca6a30\BIT6C.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6b8211a5dc0636ae3d15bf626ce10d3\BIT3E.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT60.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\download\BIT9F.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d58f7a46215418e5cd2283eb289472c2\download\BIT98.tmp"
Sat 17 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~12.tmp"
Mon 21 Apr 2008 211,968 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~13.tmp"
Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~14.tmp"
Wed 7 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~16.tmp"
Fri 9 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1C.tmp"
Mon 26 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1E.tmp"
Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1F.tmp"
Fri 30 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~20F.tmp"
Wed 14 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~F.tmp"

[b]Finished![/b]



[b]SDFix: Version 1.187 [/b]
Run by Tristan on 01/06/2008 at 11:48

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found




Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Folder C:\Program Files\drmupgds - Removed
Folder C:\VirusEffaceur - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 12:01:34
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Wed 26 Oct 2005 212 A.SHR --- "C:\BOOT.BAK"
Thu 14 Feb 2008 20,670 ..SH. --- "C:\WINDOWS\system32\szabczuh.dllbox"
Fri 25 Jun 2004 12,431,945 A..H. --- "C:\Program Files\Bodom-Child - RaBBi\RGSS\Standard\Graphics.exe"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0926b9470c9af53c207eadf0bf3934da\BIT58.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT11.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\674feb019fefe92af9d3a2ceaaca6a30\BIT6C.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6b8211a5dc0636ae3d15bf626ce10d3\BIT3E.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT60.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\download\BIT9F.tmp"
Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d58f7a46215418e5cd2283eb289472c2\download\BIT98.tmp"
Sat 17 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~12.tmp"
Mon 21 Apr 2008 211,968 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~13.tmp"
Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~14.tmp"
Wed 7 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~16.tmp"
Fri 9 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1C.tmp"
Mon 26 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1E.tmp"
Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1F.tmp"
Fri 30 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~20F.tmp"
Wed 14 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~F.tmp"

[b]Finished![/b]
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Gif Instagram ne marche pas par messages
OceaneBD64 -
madmyke -

1 réponse
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Gif Instagram qui ne s'envoie pas
LemurienSincere18 -
jeannets -

1 réponse