Bonjour,
J'ai depuis vendredi un gros problème j'ai été infecté par un virus : Ie antivirus ... Jamais eu de tels problème d'habitude je surfe un peu et je répare moi même mais la j'ai besoin de votre aide .
Mon antivirus n'était plus valable je suppose que c'est pour ça que c'est passé ( mon antivirus : Avg ) alors j'ai installer bit defender 9 pour réparer ce virus , rien n'y fait pour finir je fait pareil avec le bit defender 10 , pareil ...
J'ai regarder des tonnes de sites dont celui ci :
https://fr.pcthreat.com/parasitebyid-6824fr.html
qui fournit un programme pour supprimer ie antivirus mais pourtant 2 analyse et toujours mon problème ...
J'ai regarder pour supprimer manuellement mais Bon ... Big problème aucun des dossier , fichier ou dll ne sont trouvable . Je ne m'y connait pas enormement mais ej sais me debrouiller et la ben rien ..
Voici ce que j'ai essayer :
Bit defender 9 et 10 ( test complet de mon disque unique :c )
Spybot
Adaware
spyware doctor
CC cleaner
Spyhunter
malewrebytes
Voici mon rapport Hijack this :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:54, on 7/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\WINDOWS\etMon.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\JPA\Madotate 3D\madotate.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\ .exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {014AABE3-1ECB-4951-8837-7D3D6AEF8877} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} - (no file)
O2 - BHO: (no name) - {11CA0CF2-0B53-4EDA-9DDB-3153915F5ED6} - (no file)
O2 - BHO: (no name) - {1A1E41DD-620C-4D07-A2C0-2702D641553A} - (no file)
O2 - BHO: (no name) - {1F709A2F-0BD1-4CDA-9EC4-7BB1D399ABE6} - (no file)
O2 - BHO: (no name) - {2C1C4DB9-B123-45E2-A7BA-D70DC0E21210} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {316CEF1D-0197-4456-83B0-10C566454FA9} - (no file)
O2 - BHO: (no name) - {33DDFBB1-E46C-4A62-B7EC-358F11F3E265} - (no file)
O2 - BHO: (no name) - {37B00F19-FF57-490F-8E32-093060710C85} - (no file)
O2 - BHO: (no name) - {3FBE9CB3-E5D6-4EE2-B8B5-CEBEA1E9E302} - (no file)
O2 - BHO: (no name) - {4B3244C2-9660-41B5-A998-9FAA46A14FF5} - (no file)
O2 - BHO: (no name) - {50FE0B41-C3CE-4955-9663-8803A147D93C} - (no file)
O2 - BHO: (no name) - {5F497AF3-DCA1-4AC0-9F8C-6E289899FBE5} - C:\WINDOWS\system32\qoMgfGxY.dll
O2 - BHO: (no name) - {5F4AD909-7B76-4BC1-8CD1-057EF001A6F5} - (no file)
O2 - BHO: (no name) - {5FAADC24-66D8-495E-8B10-F4E154BB6FF0} - (no file)
O2 - BHO: (no name) - {62A24A17-45E6-4652-89C4-A4BB62076DAD} - (no file)
O2 - BHO: (no name) - {6E62C171-A1DB-4230-A276-0CBC6D894492} - (no file)
O2 - BHO: (no name) - {73F4AFB5-21F9-4A50-87CB-EE94A8C647F6} - C:\WINDOWS\system32\fccDvwVN.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8521A10B-01FE-4738-8AD6-337244427EFC} - (no file)
O2 - BHO: (no name) - {8E3FBBA3-47CD-4F1C-847B-CCDD4A060318} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {931F3319-73A2-4436-982F-CC22C9C24019} - (no file)
O2 - BHO: (no name) - {99026169-0A08-458F-AF8D-912C89D27F78} - (no file)
O2 - BHO: (no name) - {A38C9AD4-473F-452E-AB32-38E48C80B7B4} - (no file)
O2 - BHO: (no name) - {A74A90F7-F5B5-4163-A5C4-CADE9F1662DB} - (no file)
O2 - BHO: (no name) - {ACBEEE44-ECA8-4CB7-8CD1-B117A3005745} - C:\WINDOWS\system32\vtUnKEXq.dll
O2 - BHO: (no name) - {ACE84C4D-6CAB-494B-A7EB-F5954C3DA09D} - (no file)
O2 - BHO: (no name) - {AECE55E9-116A-4C57-8C84-20FE7EED583C} - (no file)
O2 - BHO: (no name) - {AEF62F8C-C18C-45F4-A894-7FFEC057B874} - (no file)
O2 - BHO: (no name) - {BCBAB338-0B1A-472F-9F27-240A04AD30C2} - (no file)
O2 - BHO: (no name) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: (no name) - {CEEBB12F-7E9B-48C4-95B9-E26A202C3198} - (no file)
O2 - BHO: (no name) - {D583D98F-D6E6-4F37-8925-54710BA8DF1F} - (no file)
O2 - BHO: XTTBPos00 - {E014A78F-34DC-4BE5-83BB-58CA12E384B6} - C:\WINDOWS\system32\snop_bho.dll
O2 - BHO: (no name) - {E1440B89-52D9-46EA-B0C0-FC98184F32D9} - (no file)
O2 - BHO: (no name) - {E5D03891-1A23-4C71-A471-47E6628E7A0B} - (no file)
O2 - BHO: (no name) - {E7FB5E7C-096A-475E-82CD-527812F9C5ED} - (no file)
O2 - BHO: (no name) - {F12830A5-7AF2-4E5B-B272-02DBC6A79799} - (no file)
O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file)
O2 - BHO: (no name) - {F96DC37C-E3FC-40C0-8797-40D8651B0878} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\E_S9F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [antispy] C:\Program Files\IEAntiVirus\ANTIVIR.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Iconoid (2).lnk = C:\Program Files\Iconoid\iconoid.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Madotate 3D.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -
http://www.gamespy.com
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
O20 - Winlogon Notify: qoMgfGxY - C:\WINDOWS\SYSTEM32\qoMgfGxY.dll
O20 - Winlogon Notify: rqRKAqqP - rqRKAqqP.dll (file missing)
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC\WinVNC.exe
Afficher la suite