Gros virus sur mon bureau (GIF)

Résolu
wizzone Messages postés 17 Date d'inscription   Statut Membre -  
 metin2 -
Bonjour,depuis quelques temps un virus a infecté mon ordi.Il c'est installé sur mon bureau en fond ecran et a pris la forme d'un gros GIF
qui change tous les jours.Sur ce GIF plein de petits "clik!" sont affichés (je n'ais pas cliqué dessu).Mais ce n'est pas tout!
les commandes pour changer mon fond ecran sont grisées et je ne peut pas y toucher.Je vais donc prendre une image quelconque et je fais "definir en tant que papier paint du bureau" mais rien n'y fait cet enorme GIF qui pompe un max de ram reste la.Je voudrais savoir si quelq'un a deja été confronté a se probleme et si il peut m'aider.
Configuration: Windows XP
Internet Explorer 7.0

29 réponses

  • 1
  • 2
  1. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    salut,
    Télécharges et instales le logiciel HijackThis :

    ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    1-Cliker sur le setup pour lancer l'instale . Laisses toi guider et instales le à l'endroit par défaut ( C\: programme file \ ) .
    A la fin tu doit avoir un raccouci sur ton bureau et aussi un cheminement comme : "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe " .

    Important :
    Renommer le prg HijackThis :
    Rends toi sur ton PC ici "C:\ programme file\Trend Micro\HijackThis\HijackThis.exe"<---clik droit sur ce dernier et choisis "renommer" : tapes monjack et valide .

    tuto pour l’utiliser
    regarde ici c'est parfaitement expliqué en images
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    2-!!Déconnectes toi et fermes toute tes applications en cours !!

    Double clik sur le raccourci du bureau,
    Fais un scan monjack (ou HijackThis renommé) et postes le rapport générer pour analyse ...
    2
  2. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Télécharges SmitfraudFix (de S!Ri, balltrap34 et moe31 ) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    !!Déconnectes toi,fermes toute tes applications et désactives tes défences ( anti-virus ,anti-spyware,...) le temps de la manipe !!

    Installes le soft à la racine de C\ ( et pas ailleur! --->"C\:SmitfraudFix.exe" ) : double clique sur l'.exe pour le décompresser et lancer le fix.

    Utilisation ----> option 1 - Recherche :
    Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.

    Postes le rapport ( rapport.txt qui se trouve sous C\: ) et attends la suite .

    (Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.)

    1
  3. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    Suite de la manipe ( nettoyage ), fait exactement ce qui suit :

    * Redémarrer l'ordinateur en mode sans échec .
    Comment aller en Mode sans échec
    1) Redémarre ton ordi
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

    *Double click sur SmitfraudFix.exe

    * Sélectionner 2 et presser Entrée dans le menu pour supprimer les fichiers responsables de l'infection.

    * A la question: Voulez-vous nettoyer le registre ? répondre O (oui) et presser Entrée afin de débloquer
    le fond d'écran et supprimer les clés de registre de l'infection.

    * Le correctif déterminera si le fichier wininet.dll est infecté.

    * A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée
    pour remplacer le fichier corrompu.

    * Un redemarrage sera peut être nécessaire pour terminer la procedure de nettoyage.

    Le rapport se trouve à la racine de C\:
    (dans le fichier rapport.txt)

    postes moi ce dernier rapport accompagné d'un nouveau rapport hijackthis dans ton prochain message et attends les instructions ...

    ps : n'oublis pas , en mode sans échec , pas de connexion ! Donc copies ou imprimes bien les info ci-dessus :)
    1
  4. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Merci a toi d'avoir répondu aussi vite,voici mon rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:52:25, on 31/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    C:\WINDOWS\system32\fireface.exe
    C:\WINDOWS\system32\firefacemix.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Razer\Krait\razertra.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\update.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\Monjack.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
    O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
    O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
    O15 - Trusted Zone: https://www.01net.com/
    O15 - Trusted Zone: https://www.adobe.com/
    O15 - Trusted Zone: https://www.amazon.fr/
    O15 - Trusted Zone: https://www.anarchy-online.com/
    O15 - Trusted Zone: http://support.ati.com
    O15 - Trusted Zone: https://www.avast.com/fr-fr/index
    O15 - Trusted Zone: http://dl1.avgate.net
    O15 - Trusted Zone: http://www.blacktears.fr.tp
    O15 - Trusted Zone: http://new-synapse.board.tc
    O15 - Trusted Zone: http://*.boodinet.fr
    O15 - Trusted Zone: http://*.chickentofight.com
    O15 - Trusted Zone: https://www.clubic.com/
    O15 - Trusted Zone: https://www.commentcamarche.net/
    O15 - Trusted Zone: http://www.dicodunet.com
    O15 - Trusted Zone: http://www.dungeonrunners.com
    O15 - Trusted Zone: http://www.fnac.fr
    O15 - Trusted Zone: http://freetopia.free.fr
    O15 - Trusted Zone: http://www.gamegoods.fr
    O15 - Trusted Zone: https://www.gameim.com/
    O15 - Trusted Zone: https://www.gamekult.com/
    O15 - Trusted Zone: https://www.generation-nt.com/
    O15 - Trusted Zone: http://www.goldsoon.com
    O15 - Trusted Zone: https://translate.google.fr/
    O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
    O15 - Trusted Zone: http://katuzi.gotdns.com
    O15 - Trusted Zone: http://www.katuzi.gotdns.com
    O15 - Trusted Zone: https://www.guildwars.com/en/
    O15 - Trusted Zone: http://www.guildwars4gold.fr
    O15 - Trusted Zone: https://www.habbo.fr/
    O15 - Trusted Zone: http://www.hot-tv.com
    O15 - Trusted Zone: https://www.jeux.fr/
    O15 - Trusted Zone: https://www.jeuxvideo.com/
    O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
    O15 - Trusted Zone: http://www.jeuxvideopc.com
    O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
    O15 - Trusted Zone: http://www.lagarde-guild.com
    O15 - Trusted Zone: https://www.adaware.com/fr
    O15 - Trusted Zone: https://www.luna-atra.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
    O15 - Trusted Zone: http://*.millenium-serveur.fr
    O15 - Trusted Zone: http://www.narutoxtra.com
    O15 - Trusted Zone: http://worldofbattles.no-ip.biz
    O15 - Trusted Zone: http://synapse-wow.no-ip.org
    O15 - Trusted Zone: http://thetoxicworld.no-ip.org
    O15 - Trusted Zone: https://us.norton.com/
    O15 - Trusted Zone: http://monmatou.playmoa.com/
    O15 - Trusted Zone: http://eu.plaync.com
    O15 - Trusted Zone: http://fr.support.plaync.com
    O15 - Trusted Zone: http://www.rezurection.org
    O15 - Trusted Zone: http://www.selexium.fr
    O15 - Trusted Zone: http://lune-sanglante.servegame.com
    O15 - Trusted Zone: https://www.skyrock.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: http://ftp01net.telechargement.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
    O15 - Trusted Zone: https://univers-oblivion.com/
    O15 - Trusted Zone: http://www.uzinagaz.com
    O15 - Trusted Zone: https://www.valvesoftware.com/en/
    O15 - Trusted Zone: http://*.w-w-w-dot-com.com
    O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
    O15 - Trusted Zone: https://www.microsoft.com/fr-fr
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
    O15 - Trusted Zone: http://hell.xooit.eu
    O15 - Trusted Zone: http://thetoxicworld.xooit.fr
    O15 - Trusted Zone: https://www.youtube.com/
    O15 - Trusted IP range: http://91.121.122.177
    O15 - Trusted IP range: http://91.121.114.161
    O15 - Trusted IP range: http://192.168.0.8
    O15 - Trusted IP range: http://209.85.135.104
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
    O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Voila le 2eme rapport:

    SmitFraudFix v2.323

    Rapport fait à 10:39:08,95, 31/05/2008
    Executé à partir de C:\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    C:\WINDOWS\system32\fireface.exe
    C:\WINDOWS\system32\firefacemix.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Razer\Krait\razertra.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\update.exe
    C:\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tristan

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tristan\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Tristan\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 80.10.246.1
    DNS Server Search Order: 81.253.149.2

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  7. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Merci beaucoup ca fait plaisir ma je n'arriver toujours pas a changer mon fond ecran je ne peut changer que la couleur est-ce normal?

    Sinon voici les 2 rapports:

    N°1(smitfraud)

    SmitFraudFix v2.323

    Rapport fait à 10:55:53,67, 31/05/2008
    Executé à partir de C:\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7471D53E-E26B-4869-894F-191233751FBA}: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=80.10.246.1 81.253.149.2

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    N°2(Hjacksthis)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:05:38, on 31/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    C:\WINDOWS\system32\fireface.exe
    C:\WINDOWS\system32\firefacemix.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Razer\Krait\razertra.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\Monjack.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
    O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
    O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
    O15 - Trusted Zone: https://www.01net.com/
    O15 - Trusted Zone: https://www.adobe.com/
    O15 - Trusted Zone: https://www.amazon.fr/
    O15 - Trusted Zone: https://www.anarchy-online.com/
    O15 - Trusted Zone: http://support.ati.com
    O15 - Trusted Zone: https://www.avast.com/fr-fr/index
    O15 - Trusted Zone: http://dl1.avgate.net
    O15 - Trusted Zone: http://www.blacktears.fr.tp
    O15 - Trusted Zone: http://new-synapse.board.tc
    O15 - Trusted Zone: http://*.boodinet.fr
    O15 - Trusted Zone: http://*.chickentofight.com
    O15 - Trusted Zone: https://www.clubic.com/
    O15 - Trusted Zone: https://www.commentcamarche.net/
    O15 - Trusted Zone: http://www.dicodunet.com
    O15 - Trusted Zone: http://www.dungeonrunners.com
    O15 - Trusted Zone: http://www.fnac.fr
    O15 - Trusted Zone: http://freetopia.free.fr
    O15 - Trusted Zone: http://www.gamegoods.fr
    O15 - Trusted Zone: https://www.gameim.com/
    O15 - Trusted Zone: https://www.gamekult.com/
    O15 - Trusted Zone: https://www.generation-nt.com/
    O15 - Trusted Zone: http://www.goldsoon.com
    O15 - Trusted Zone: https://translate.google.fr/
    O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
    O15 - Trusted Zone: http://katuzi.gotdns.com
    O15 - Trusted Zone: http://www.katuzi.gotdns.com
    O15 - Trusted Zone: https://www.guildwars.com/en/
    O15 - Trusted Zone: http://www.guildwars4gold.fr
    O15 - Trusted Zone: https://www.habbo.fr/
    O15 - Trusted Zone: http://www.hot-tv.com
    O15 - Trusted Zone: https://www.jeux.fr/
    O15 - Trusted Zone: https://www.jeuxvideo.com/
    O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
    O15 - Trusted Zone: http://www.jeuxvideopc.com
    O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
    O15 - Trusted Zone: http://www.lagarde-guild.com
    O15 - Trusted Zone: https://www.adaware.com/fr
    O15 - Trusted Zone: https://www.luna-atra.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
    O15 - Trusted Zone: http://*.millenium-serveur.fr
    O15 - Trusted Zone: http://www.narutoxtra.com
    O15 - Trusted Zone: http://worldofbattles.no-ip.biz
    O15 - Trusted Zone: http://synapse-wow.no-ip.org
    O15 - Trusted Zone: http://thetoxicworld.no-ip.org
    O15 - Trusted Zone: https://us.norton.com/
    O15 - Trusted Zone: http://monmatou.playmoa.com/
    O15 - Trusted Zone: http://eu.plaync.com
    O15 - Trusted Zone: http://fr.support.plaync.com
    O15 - Trusted Zone: http://www.rezurection.org
    O15 - Trusted Zone: http://www.selexium.fr
    O15 - Trusted Zone: http://lune-sanglante.servegame.com
    O15 - Trusted Zone: https://www.skyrock.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: http://ftp01net.telechargement.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
    O15 - Trusted Zone: https://univers-oblivion.com/
    O15 - Trusted Zone: http://www.uzinagaz.com
    O15 - Trusted Zone: https://www.valvesoftware.com/en/
    O15 - Trusted Zone: http://*.w-w-w-dot-com.com
    O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
    O15 - Trusted Zone: https://www.microsoft.com/fr-fr
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
    O15 - Trusted Zone: http://hell.xooit.eu
    O15 - Trusted Zone: http://thetoxicworld.xooit.fr
    O15 - Trusted Zone: https://www.youtube.com/
    O15 - Trusted IP range: http://91.121.122.177
    O15 - Trusted IP range: http://91.121.114.161
    O15 - Trusted IP range: http://192.168.0.8
    O15 - Trusted IP range: http://209.85.135.104
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
    O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
    0
  8. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    J'ai oublié le + important ca a marché ^^
    0
  9. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    avant de poursuivre : tu as 2 antivirus et c'est 1 de trop !!!
    ---> ralentissement du système,plantages et grosse faille de sécurité ...

    Désinstales correctement avast avec ce-ci :
    https://www.avast.com/fr-fr/uninstall-utility
    Deconnectes toi .
    ---> tu désactives la protection résidente d'avast ,et tu lances le petit prg de désinstale .

    prévient moi une foi cela fait ...
    0
  10. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Voili avast est desinstaller peut m'aider afin que je puisse a nouveaux mettre des fonds d'ecran et que le menu ne soit plus grisé?
    0
  11. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    ... la forme d'un gros GIF il a disparu ?
    0
  12. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Oui mais je ne peut toujour pas mettre de fond ecran
    0
  13. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    tu es peut-être encore infecté ...

    Fais ce-ci :
    souligne>Télécharges MalwareByte's </souligne>:
    ftp://ftp.commentcamarche.com/download/mbam-setup.exe

    un tuto sympa : https://forum.pcastuces.com/sujet.asp?f=31&s=3

    Instales le ( choisis bien "francais" ; ne modifies pas les parramètres d'instale ) et mets le à jour .

    Puis redémarres en mode sans échec :
    Comment aller en Mode sans échec
    1) Redémarres ton ordi
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
    (attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)

    Lances Malwarebyte's .

    Fais un scan dit "complet" ( sélectionnes bien tout tes disks avant le scan ) et supprimes tout ce qu'il peut trouver :
    --->une fois le scan terminé , click sur "résultat" : puis vérifies que tous les ojbets infectés soient validés, puis click sur " supression " .

    Redémarres ton PC ( mode normal ).

    Postes le rapport sauvegardé après la supression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes) accompagné d'un nouvel hijackthis ( fait en mode normal celui-ci ) ...
    0
  14. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    OKI je fais ca tout de suite encore merci
    0
  15. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    J'ai été un peut long mais voici les 2 rapports malwarebytes m'a trouvé 72 fichiers infectés que j'ai detrui.

    Rapport n°1:malwarebytes:

    Malwarebytes' Anti-Malware 1.14
    Version de la base de données: 807

    13:13:34 31/05/2008
    mbam-log-5-31-2008 (13-13-34).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 89857
    Temps écoulé: 21 minute(s), 14 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 26
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 35

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\xInsiDERexe (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ucookw (Rogue.Errclean) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.starsdoor.com (Backdoor.Bot) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\dsktp (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\temp (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\xInsIDE (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB} (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Temporary\rapport.txt (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\basis.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\channel.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\content.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\date.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\dbaruninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\deskbar.crc (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\deskbar.inf (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\edit_rss.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\nav1.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\nav2.bmp (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\new_alert.tmpl (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\Thumbs.db (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\dbar\version.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\Uninst.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\dsktp\AC_RunActiveContent.js (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\dsktp\internetDetection.swf (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\dsktp\settings.sol (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\bufferthis.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\flashfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\funnies.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\funnyfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\goodcleanvideos.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\newfunpages.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\positivethoughts.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\removespyware.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\icons\thissiterocks.ico (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Program Files\winvi\temp\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Tristan\Application Data\Deskbar_{344879FB-19A6-4efa-9FE3-3FE4BB7728BB}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

    Rapport n°2:hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:17:50, on 31/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    C:\WINDOWS\system32\fireface.exe
    C:\WINDOWS\system32\firefacemix.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Razer\Krait\razertra.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\Monjack.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
    O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
    O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
    O15 - Trusted Zone: https://www.01net.com/
    O15 - Trusted Zone: https://www.adobe.com/
    O15 - Trusted Zone: https://www.amazon.fr/
    O15 - Trusted Zone: https://www.anarchy-online.com/
    O15 - Trusted Zone: http://support.ati.com
    O15 - Trusted Zone: https://www.avast.com/fr-fr/index
    O15 - Trusted Zone: http://dl1.avgate.net
    O15 - Trusted Zone: http://www.blacktears.fr.tp
    O15 - Trusted Zone: http://new-synapse.board.tc
    O15 - Trusted Zone: http://*.boodinet.fr
    O15 - Trusted Zone: http://*.chickentofight.com
    O15 - Trusted Zone: https://www.clubic.com/
    O15 - Trusted Zone: https://www.commentcamarche.net/
    O15 - Trusted Zone: http://www.dicodunet.com
    O15 - Trusted Zone: http://www.dungeonrunners.com
    O15 - Trusted Zone: http://www.fnac.fr
    O15 - Trusted Zone: http://freetopia.free.fr
    O15 - Trusted Zone: http://www.gamegoods.fr
    O15 - Trusted Zone: https://www.gameim.com/
    O15 - Trusted Zone: https://www.gamekult.com/
    O15 - Trusted Zone: https://www.generation-nt.com/
    O15 - Trusted Zone: http://www.goldsoon.com
    O15 - Trusted Zone: https://translate.google.fr/
    O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
    O15 - Trusted Zone: http://katuzi.gotdns.com
    O15 - Trusted Zone: http://www.katuzi.gotdns.com
    O15 - Trusted Zone: https://www.guildwars.com/en/
    O15 - Trusted Zone: http://www.guildwars4gold.fr
    O15 - Trusted Zone: https://www.habbo.fr/
    O15 - Trusted Zone: http://www.hot-tv.com
    O15 - Trusted Zone: https://www.jeux.fr/
    O15 - Trusted Zone: https://www.jeuxvideo.com/
    O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
    O15 - Trusted Zone: http://www.jeuxvideopc.com
    O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
    O15 - Trusted Zone: http://www.lagarde-guild.com
    O15 - Trusted Zone: https://www.adaware.com/fr
    O15 - Trusted Zone: https://www.luna-atra.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
    O15 - Trusted Zone: http://*.millenium-serveur.fr
    O15 - Trusted Zone: http://www.narutoxtra.com
    O15 - Trusted Zone: http://worldofbattles.no-ip.biz
    O15 - Trusted Zone: http://synapse-wow.no-ip.org
    O15 - Trusted Zone: http://thetoxicworld.no-ip.org
    O15 - Trusted Zone: https://us.norton.com/
    O15 - Trusted Zone: http://monmatou.playmoa.com/
    O15 - Trusted Zone: http://eu.plaync.com
    O15 - Trusted Zone: http://fr.support.plaync.com
    O15 - Trusted Zone: http://www.rezurection.org
    O15 - Trusted Zone: http://www.selexium.fr
    O15 - Trusted Zone: http://lune-sanglante.servegame.com
    O15 - Trusted Zone: https://www.skyrock.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: http://ftp01net.telechargement.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
    O15 - Trusted Zone: https://univers-oblivion.com/
    O15 - Trusted Zone: http://www.uzinagaz.com
    O15 - Trusted Zone: https://www.valvesoftware.com/en/
    O15 - Trusted Zone: http://*.w-w-w-dot-com.com
    O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
    O15 - Trusted Zone: https://www.microsoft.com/fr-fr
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
    O15 - Trusted Zone: http://hell.xooit.eu
    O15 - Trusted Zone: http://thetoxicworld.xooit.fr
    O15 - Trusted Zone: https://www.youtube.com/
    O15 - Trusted IP range: http://91.121.122.177
    O15 - Trusted IP range: http://91.121.114.161
    O15 - Trusted IP range: http://192.168.0.8
    O15 - Trusted IP range: http://209.85.135.104
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
    O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
    0
  16. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    bien Malwarebytes a fais un bon nettoyage ^^

    on continue :
    Téléchargez ceci (de gchris) : http://gchrisftp.free.fr/divers/Ad-Fix/Ad-Fix.zip

    Dézippez-le sur votre bureau (clic droit -> extraire tout).

    Important : vérifiez que vous êtes bien connecté à internet.

    Dans le dossier créé, double-cliquez sur le fichier "Ad-Fix.bat" ou "Ad-fix"
    Choisissez l'option 1.

    Si vous avez un message de votre pare-feu qui vous demande si vous voulez autoriser le fichier URL2FILE.EXE à
    se connecter à Internet ---> autorisez, c'est nécessaire à ad-fix pour vérifier la version.

    Quand c'est finit (cela peut prendre plusieurs minutes), un rapport s'ouvre avec le bloc-notes.
    Merci de faire un copier/coller ici du contenu du rapport (Ad-Fix.txt) .
    0
  17. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Voila le rapport:

    Ad-Fix v0.101e
    by gchris

    OPTION 1 (Scan) :

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Démarré à :

    19:30:06,89 31/05/2008

    Executé depuis :

    C:\Documents and Settings\Tristan\Bureau\Ad-Fix\Ad-Fix

    Os :

    Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichier manquant

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichiers cachés (pas forcément mauvais)

    Fichiers cachés à la racine du disque système :

    BOOT.BAK
    boot.ini
    Bootfont.bin
    IO.SYS
    MSDOS.SYS
    NTDETECT.COM
    ntldr
    pagefile.sys
    sqmdata00.sqm
    sqmdata01.sqm
    sqmdata02.sqm
    sqmdata03.sqm
    sqmdata04.sqm
    sqmdata05.sqm
    sqmdata06.sqm
    sqmdata07.sqm
    sqmdata08.sqm
    sqmdata09.sqm
    sqmdata10.sqm
    sqmdata11.sqm
    sqmdata12.sqm
    sqmdata13.sqm
    sqmdata14.sqm
    sqmdata15.sqm
    sqmdata16.sqm
    sqmdata17.sqm
    sqmdata18.sqm
    sqmdata19.sqm
    sqmnoopt00.sqm
    sqmnoopt01.sqm
    sqmnoopt02.sqm
    sqmnoopt03.sqm
    sqmnoopt04.sqm
    sqmnoopt05.sqm
    sqmnoopt06.sqm
    sqmnoopt07.sqm
    sqmnoopt08.sqm
    sqmnoopt09.sqm
    sqmnoopt10.sqm
    sqmnoopt11.sqm
    sqmnoopt12.sqm
    sqmnoopt13.sqm
    sqmnoopt14.sqm
    sqmnoopt15.sqm
    sqmnoopt16.sqm
    sqmnoopt17.sqm
    sqmnoopt18.sqm
    sqmnoopt19.sqm

    Fichiers cachés dans le répertoire Windows :

    WindowsShell.Manifest
    winnt.bmp
    winnt256.bmp

    Fichiers cachés dans le répertoire System32 :

    cdplayer.exe.manifest
    cirwsple.ini
    dxvdugqj.ini
    gnibqhqe.ini
    guajthst.ini
    ikfywofi.ini
    jalngbvo.ini
    jatxfwso.ini
    jmckenyx.ini
    ldasclsm.ini
    logonui.exe.manifest
    mjbjqent.ini
    ncpa.cpl.manifest
    nwc.cpl.manifest
    qilkyosl.ini
    rkmpqton.ini
    rrhnhssx.ini
    sapi.cpl.manifest
    szabczuh.dllbox
    tmnlomjj.ini
    tstwa.ini
    tstwa.ini2
    uejlxuqj.ini
    ujxbnojp.ini
    WindowsLogon.manifest
    wuaucpl.cpl.manifest
    xbadd.ini
    xbadd.ini2
    yoqnyqng.ini

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Analyse du registre

    ---------- USER AGENT -- POST PLATFORM

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "SIMBAR={F00708E4-5D14-4454-84EB-85C6975A0E08}"=""

    ----------

    ---------- AppInit_DLLs

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    ----------

    Complete!

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichiers et dossiers

    C:\WINDOWS\Downloaded Program Files\CONFLICT.? Détecté !
    C:\WINDOWS\Downloaded Program Files\CONFLICT.?? Détecté !
    C:\WINDOWS\unvise32qt.exe Détecté !

    C:\Progra~1\WinPcap Détecté !

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    0
  18. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    la suite :

    Nettoyage Ad-fix :
    Démarrer en mode sans échec :
    Comment aller en Mode sans échec
    1) Redémarres ton ordi
    2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
    (attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreur ...)

    --->Lancez de nouveau Ad-fix

    Choisissez l'option 2
    (Le bureau ou les icônes vont disparaître, c'est normal.)
    Quand c'est terminé, pressez la touche "entrée" pour redémarrer l'ordinateur.

    Copiez collez ici, le contenu du nouveau rapport générer (le sauvegarder de façon à le retrouver), accompagné d'un nouveau rapport hijackthis ( celui-ci fais en mode normal ) pour analyse ...
    0
  19. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Voila les deux rapports

    Ad-Fix v0.101e
    by gchris

    OPTION 2 (Fix) :

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Démarré à :

    11:07:44,35 01/06/2008
    en mode sans échec

    Executé depuis :

    C:\Documents and Settings\Tristan\Bureau\Ad-Fix\Ad-Fix

    Os :

    Microsoft Windows XP [version 5.1.2600]

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Recherche de fichier manquant

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Nettoyage du registre

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Suppression des fichiers

    C:\WINDOWS\unvise32qt.exe Supprimé !
    C:\Progra~1\WinPcap Supprimé !
    Echec suppression : C:\WINDOWS\Downloaded Program Files\CONFLICT.?
    Echec suppression : C:\WINDOWS\Downloaded Program Files\CONFLICT.??

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Terminé à 11:15:16,50

    Redémarrage effectué

    C:\WINDOWS\Downloaded Program Files\CONFLICT.? Suppression au démarrage echouée !
    C:\WINDOWS\Downloaded Program Files\CONFLICT.?? Suppression au démarrage echouée !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:25:25, on 01/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\system32\hdsp32.exe
    C:\WINDOWS\system32\hdspmix.exe
    C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
    C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    C:\WINDOWS\system32\fireface.exe
    C:\WINDOWS\system32\firefacemix.exe
    C:\Program Files\Razer\Krait\razerhid.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\program files\ncsoft\launcher\NCLauncher.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Razer\Krait\razertra.exe
    C:\Program Files\Razer\Krait\razerofa.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\Monjack.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.0.3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
    O2 - BHO: (no name) - {58579e04-8cef-4e26-9807-81cae5d9df88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9430CB26-6363-4C44-958D-CC788E00A04C} - C:\Program Files\Internet Explorer\povezC:\DOCUME~1\Tristan\LOCALS~1\Temp\mst455101.exe.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C32FBD0A-B9EE-49E5-9C38-3BA75119069D} - C:\WINDOWS\system32\awtst.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe
    O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe
    O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
    O4 - HKLM\..\Run: [FirefaceTray] fireface.exe
    O4 - HKLM\..\Run: [FirefaceMixTray] firefacemix.exe
    O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PlayNC Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O14 - IERESET.INF: START_PAGE_URL=http://www.european.fr
    O15 - Trusted Zone: http://forum.telecharger.01net.com/forum/
    O15 - Trusted Zone: https://www.01net.com/
    O15 - Trusted Zone: https://www.adobe.com/
    O15 - Trusted Zone: https://www.amazon.fr/
    O15 - Trusted Zone: https://www.anarchy-online.com/
    O15 - Trusted Zone: http://support.ati.com
    O15 - Trusted Zone: https://www.avast.com/fr-fr/index
    O15 - Trusted Zone: http://dl1.avgate.net
    O15 - Trusted Zone: http://www.blacktears.fr.tp
    O15 - Trusted Zone: http://new-synapse.board.tc
    O15 - Trusted Zone: http://*.boodinet.fr
    O15 - Trusted Zone: http://*.chickentofight.com
    O15 - Trusted Zone: https://www.clubic.com/
    O15 - Trusted Zone: https://www.commentcamarche.net/
    O15 - Trusted Zone: http://www.dicodunet.com
    O15 - Trusted Zone: http://www.dungeonrunners.com
    O15 - Trusted Zone: https://www.ebay.fr/n/all-categories/?_rdc=1
    O15 - Trusted Zone: http://jeux-video.fnac.com
    O15 - Trusted Zone: http://www.fnac.fr
    O15 - Trusted Zone: http://freetopia.free.fr
    O15 - Trusted Zone: http://www.gamegoods.fr
    O15 - Trusted Zone: https://www.gameim.com/
    O15 - Trusted Zone: https://www.gamekult.com/
    O15 - Trusted Zone: https://www.generation-nt.com/
    O15 - Trusted Zone: http://www.goldsoon.com
    O15 - Trusted Zone: https://translate.google.fr/
    O15 - Trusted Zone: https://www.google.fr/?gws_rd=ssl
    O15 - Trusted Zone: http://katuzi.gotdns.com
    O15 - Trusted Zone: http://www.katuzi.gotdns.com
    O15 - Trusted Zone: https://www.guildwars.com/en/
    O15 - Trusted Zone: http://www.guildwars4gold.fr
    O15 - Trusted Zone: https://www.habbo.fr/
    O15 - Trusted Zone: http://www.hot-tv.com
    O15 - Trusted Zone: https://www.jeux.fr/
    O15 - Trusted Zone: https://www.jeuxvideo.com/
    O15 - Trusted Zone: http://www.jeuxvideo.fr
    O15 - Trusted Zone: http://www.jeuxvideo.fr/video/
    O15 - Trusted Zone: http://www.jeuxvideopc.com
    O15 - Trusted Zone: https://worldofwarcraft.judgehype.com/
    O15 - Trusted Zone: http://www.lagarde-guild.com
    O15 - Trusted Zone: https://www.adaware.com/fr
    O15 - Trusted Zone: https://www.luna-atra.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/game/might-and-magic/era-of-chaos
    O15 - Trusted Zone: http://*.millenium-serveur.fr
    O15 - Trusted Zone: http://www.narutoxtra.com
    O15 - Trusted Zone: http://worldofbattles.no-ip.biz
    O15 - Trusted Zone: http://synapse-wow.no-ip.org
    O15 - Trusted Zone: http://thetoxicworld.no-ip.org
    O15 - Trusted Zone: https://us.norton.com/
    O15 - Trusted Zone: http://monmatou.playmoa.com/
    O15 - Trusted Zone: http://eu.plaync.com
    O15 - Trusted Zone: http://fr.support.plaync.com
    O15 - Trusted Zone: http://www.rezurection.org
    O15 - Trusted Zone: http://www.selexium.fr
    O15 - Trusted Zone: http://lune-sanglante.servegame.com
    O15 - Trusted Zone: https://www.skyrock.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: https://store.steampowered.com/
    O15 - Trusted Zone: http://ftp01net.telechargement.fr
    O15 - Trusted Zone: https://www.ubisoft.com/fr-fr/
    O15 - Trusted Zone: https://univers-oblivion.com/
    O15 - Trusted Zone: http://www.uzinagaz.com
    O15 - Trusted Zone: https://www.valvesoftware.com/en/
    O15 - Trusted Zone: http://*.w-w-w-dot-com.com
    O15 - Trusted Zone: https://world-of-the-night.webrpg.info/index.php
    O15 - Trusted Zone: https://www.microsoft.com/fr-fr
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://worldofwarcraft.com/en-gb/
    O15 - Trusted Zone: https://the-new-wow.xooit.com/index.php
    O15 - Trusted Zone: http://hell.xooit.eu
    O15 - Trusted Zone: http://thetoxicworld.xooit.fr
    O15 - Trusted Zone: https://www.youtube.com/
    O15 - Trusted IP range: http://91.121.122.177
    O15 - Trusted IP range: http://91.121.114.161
    O15 - Trusted IP range: http://192.168.0.8
    O15 - Trusted IP range: http://209.85.135.104
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: ljjkife - ljjkife.dll (file missing)
    O20 - Winlogon Notify: szabczuh - szabczuh.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
    0
  20. sKe69 Messages postés 21955 Statut Contributeur sécurité 463
     
    salut,

    fais ce-ci :
    Télécharges SDFix sur ton bureau :
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.

    --->Double clique sur SDFix.exe et choisis "Install" .

    Puis une fois l'instale faite ,redémarre en mode sans échec .
    Comment aller en Mode sans échec :
    1) Redémarre ton ordi
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
    3) Tu verras un écran avec options de démarrage apparaître
    4) Choisis la première option : Sans Échec, et valide avec "Entrée"
    5) Choisis ton compte habituel, et non Administrateur (si besoin ... )

    Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
    --->Tape Y pour lancer le script.
    Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
    presses une touche pour redémarrer quand il te le sera demandé .

    Le PC va mettre du temps avant de démarrer ( c'est normale ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

    Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier C:\SDFix sous le nom "Report.txt".
    Postes ce dernier dans ta prochaine réponse accompagné d'un nouveau rapport Hijakcthis pour analyse ...
    0
    1. un passant mdr
       
      j'ai eu le meme pb et jme suis pas fait ch**r a chercher, j'ai reformaté mon ordi mdr

      le logiciel: tu l'as dl sur le site officiel du créateur ou par un distributeur bizarre que personne ne connait? (comme moi X) )




      (ps:quand tu poste des rapports comme ceux la, pense a retirer les adresses web des sites pornos XÐ)
      0
  21. wizzone Messages postés 17 Date d'inscription   Statut Membre
     
    Voila les 2 rapports,merci a toi je peut de nouveau mettre un fond ecran je te remmercie beaucoup d'avoir pris tant de temps a m'aider merci vraiment c fait plaisir

    [b]SDFix: Version 1.187 [/b]
    Run by Tristan on 01/06/2008 at 11:48

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
    Folder C:\Program Files\drmupgds - Removed
    Folder C:\VirusEffaceur - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 12:01:34
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Wed 26 Oct 2005 212 A.SHR --- "C:\BOOT.BAK"
    Thu 14 Feb 2008 20,670 ..SH. --- "C:\WINDOWS\system32\szabczuh.dllbox"
    Fri 25 Jun 2004 12,431,945 A..H. --- "C:\Program Files\Bodom-Child - RaBBi\RGSS\Standard\Graphics.exe"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0926b9470c9af53c207eadf0bf3934da\BIT58.tmp"
    Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT11.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\674feb019fefe92af9d3a2ceaaca6a30\BIT6C.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6b8211a5dc0636ae3d15bf626ce10d3\BIT3E.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT60.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\download\BIT9F.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d58f7a46215418e5cd2283eb289472c2\download\BIT98.tmp"
    Sat 17 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~12.tmp"
    Mon 21 Apr 2008 211,968 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~13.tmp"
    Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~14.tmp"
    Wed 7 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~16.tmp"
    Fri 9 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1C.tmp"
    Mon 26 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1E.tmp"
    Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1F.tmp"
    Fri 30 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~20F.tmp"
    Wed 14 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~F.tmp"

    [b]Finished![/b]

    [b]SDFix: Version 1.187 [/b]
    Run by Tristan on 01/06/2008 at 11:48

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    No Trojan Files Found

    Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
    Folder C:\Program Files\drmupgds - Removed
    Folder C:\VirusEffaceur - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-01 12:01:34
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"="C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe:*:Enabled:Exteel"

    [b]Remaining Files [/b]:

    [b]Files with Hidden Attributes [/b]:

    Wed 26 Oct 2005 212 A.SHR --- "C:\BOOT.BAK"
    Thu 14 Feb 2008 20,670 ..SH. --- "C:\WINDOWS\system32\szabczuh.dllbox"
    Fri 25 Jun 2004 12,431,945 A..H. --- "C:\Program Files\Bodom-Child - RaBBi\RGSS\Standard\Graphics.exe"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0926b9470c9af53c207eadf0bf3934da\BIT58.tmp"
    Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT11.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\674feb019fefe92af9d3a2ceaaca6a30\BIT6C.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6b8211a5dc0636ae3d15bf626ce10d3\BIT3E.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\BIT60.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\download\BIT9F.tmp"
    Mon 24 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d58f7a46215418e5cd2283eb289472c2\download\BIT98.tmp"
    Sat 17 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~12.tmp"
    Mon 21 Apr 2008 211,968 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~13.tmp"
    Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~14.tmp"
    Wed 7 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~16.tmp"
    Fri 9 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1C.tmp"
    Mon 26 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1E.tmp"
    Wed 28 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~1F.tmp"
    Fri 30 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~20F.tmp"
    Wed 14 May 2008 214,016 A..H. --- "C:\Deckard\System Scanner\20080530201524\backup\DOCUME~1\Tristan\LOCALS~1\Temp\~F.tmp"

    [b]Finished![/b]
    0
  • 1
  • 2