"Your computer is infectef"

Stéphane GOMEZ -  
 crackultime -
Bonjour,

Hier soir, j'ai reçu ce message d'erreur : "Your Computer is infected" en bas à droite près de l'horloge avec une croix dans un rond rouge. J'ai fais plusieurs Scan avec avast et autres logiciels anti-spyware, mais cela n'arrange rien, et
fréquemment un gros message qui s'ouvre m'annonçant que je suis victime d'un spyware (boite de dialogue "xp center infected" + diverses pop-up.

Tous les logiciels ne trouvent aucuns spyware. Comment retirer ces messages
et remettre mon pc en ordre ?

merci d'avances
Configuration: Windows XP
Firefox 3.0.1

22 réponses

  • 1
  • 2
  1. sherred Messages postés 8605 Statut Membre 351
     
    bonjour
    on commence par le comencement
    télecharge ici https://www.clubic.com/telecharger-fiche17891-hijackthis.html

    Lancez HijackThis en double cliquant sur son icône puis cliquez sur le bouton Do a system scan only

    Le rapport est retranscrit aussitôt apres le scan dans une fenêtre de type Bloc-notes
    il suffit de realiser un copier/coller et de le poster dans le forum
    0
  2. sherred Messages postés 8605 Statut Membre 351
     
    pour ne pas perdre de temps
    quand tu aura posté le rapport
    Télécharge Smitfraudfix http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Décompresse l'archive
    Exécute le en double cliquant sur Smitfraudfix.cmd
    Appuye sur une touche pour continuer
    Arriver à l'invite de commande, saisir la lettre L afin de basculer le fix en langue française
    Au menu, choisir l’option 1 : Recherche
    Poste le rapport ainsi généré dans le forum
    0
  3. djmagicstef
     
    Bonjou,

    Merci de la rapidité de réponse.

    je suis actuellement au travail, je ferais donc le nécessaire ce soir et posterais les rapport ici.

    Stef
    0
  4. Stéphane GOMEZ
     
    je ne sais pas si c'est ça,

    j'ai lancé hijackthis et tout ce que j'ai pus prendre en copier coller c'est ça :

    * Trend Micro HijackThis v2.0.2 *

    See bottom for version history.

    The different sections of hijacking possibilities have been separated into the following groups.
    You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

    R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services
    O24 - Enumeration of ActiveX Desktop Components

    Command-line parameters:
    * /autolog - automatically scan the system, save a logfile and open it
    * /ihatewhitelists - ignore all internal whitelists
    * /uninstall - remove all HijackThis Registry entries, backups and quit
    * /silentautuolog - the same as /autolog, except with no required user intervention

    * Version history *

    [v2.00.0]
    * AnalyzeThis added for log file statistics
    * Recognizes Windows Vista and IE7
    * Fixed a few bugs in the O23 method
    * Fixed a bug in the O22 method (SharedTaskScheduler)
    * Did a few tweaks on the log format
    * Fixed and improved ADS Spy
    * Improved Itty Bitty Procman (processes are frozen before they are killed)
    * Added listing of O4 autoruns from other users
    * Added listing of the Policies Run items in O4 method, used by SmitFraud trojan
    * Added /silentautolog parameter for system admins
    * Added /deleteonreboot [file] parameter for system admins
    * Added O24 - ActiveX Desktop Components enumeration
    * Added Enhanced Security Confirguration (ESC) Zones to O15 Trusted Sites check
    [v1.99.1]
    * Added Winlogon Notify keys to O20 listing
    * Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
    * Fixed lots and lots of 'unexpected error' bugs
    * Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
    * Added 'Delete NT Service' function in Misc Tools section
    * Added ProtocolDefaults to O15 listing
    * Fixed MD5 hashing not working
    * Fixed 'ISTSVC' autorun entries with garbage data not being fixed
    * Fixed HijackThis uninstall entry not being updated/created on new versions
    * Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
    * Added option to scan the system at startup, then show results or quit if nothing found
    [v1.99]
    * Added O23 (NT Services) in light of newer trojans
    * Integrated ADS Spy into Misc Tools section
    * Added 'Action taken' to info in 'More info on this item'
    [v1.98]
    * Definitive support for Japanese/Chinese/Korean systems
    * Added O20 (AppInit_DLLs) in light of newer trojans
    * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
    * Added O22 (SharedTaskScheduler) in light of newer trojans
    * Backups of fixed items are now saved in separate folder
    * HijackThis now checks if it was started from a temp folder
    * Added a small process manager (Misc Tools section)
    [v1.96]
    * Lots of bugfixes and small enhancements! Among others:
    * Fix for Japanese IE toolbars
    * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
    * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
    * Added several files to the LSP whitelist
    * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
    * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
    [v1.95]
    * Added a new regval to check for from Whazit hijack (Start Page_bak).
    * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
    * New in logfile: Running processes at time of scan.
    * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
    * New O19 method to check for Datanotary hijack of user stylesheet.
    * Google.com IP added to whitelist for Hosts file check.
    [v1.94]
    * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
    * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
    * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
    * Fixed a bug where DPF could not be deleted.
    * Fixed a stupid bug in enumeration of autostarting shortcuts.
    * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
    * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
    * Added support for backing up F0 and F1 items (d'oh!).
    [v1.93]
    * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
    * Fixed a bug in LSP routine for Win95.
    * Made taborder nicer.
    * Fixed a bug in backup/restore of IE plugins.
    * Added UltimateSearch hijack in O17 method (I think).
    * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
    * Also fixed a bug in StartupList (now version 1.52.1).
    [v1.92]
    * Fixed two stupid bugs in backup restore function.
    * Added DiamondCS file to LSP files safelist.
    * Added a few more items to the protocol safelist.
    * Log is now opened immediately after saving.
    * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
    * Updated integrated StartupList to v1.52.
    * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
    * Rudimentary proxy support for the Check for Updates function.
    [v1.91]
    * Added rd.yahoo.com to the Nonstandard But Safe Domains list.
    * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
    * Added listing of programs/links in Startup folders (O4).
    * Fixed 'Check for Update' not detecting new versions.
    [v1.9]
    * Added check for Lop.com 'Domain' hijack (O17).
    * Bugfix in URLSearchHook (R3) fix.
    * Improved O1 (Hosts file) check.
    * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
    * Added AutoConfigURL and proxyserver checks (R1).
    * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
    * Added check for extra protocols (O18).
    [v1.81]
    * Added 'ignore non-standard but safe domains' option.
    * Improved Winsock LSP hijackers detection.
    * Integrated StartupList updated to v1.4.
    [v1.8]
    * Fixed a few bugs.
    * Adds detecting of free.aol.com in Trusted Zone.
    * Adds checking of URLSearchHooks key, which should have only one value.
    * Adds listing/deleting of Download Program Files.
    * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
    [v1.71]
    * Improves detecting of O6.
    * Some internal changes/improvements.
    [v1.7]
    * Adds backup function! Yay!
    * Added check for default URL prefix
    * Added check for changing of IERESET.INF
    * Added check for changing of Netscape/Mozilla homepage and default search engine.
    [v1.61]
    * Fixes Runtime Error when Hosts file is empty.
    [v1.6]
    * Added enumerating of MSIE plugins
    * Added check for extra options in 'Advanced' tab of 'Internet Options'.
    [v1.5]
    * Adds 'Uninstall & Exit' and 'Check for update online' functions.
    * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
    [v1.4]
    * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
    * A few bugfixes/enhancements
    [v1.3]
    * Adds detecting of extra MSIE context menu items
    * Added detecting of extra 'Tools' menu items and extra buttons
    * Added 'Confirm deleting/ignoring items' checkbox
    [v1.2]
    * Adds 'Ignorelist' and 'Info' functions
    [v1.1]
    * Supports BHO's, some default URL changes
    [v1.0]
    * Original release

    A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.

    Je fais la suite avec Smitfraudfix et je poste le rapport
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Stéphane GOMEZ
     
    help : dans le fichier Smitfraudfix, une fois décompressé, je n'ai pas de "Smitfraudfix.cmd"

    je dois faire comment ?
    0
  7. Stéphane GOMEZ
     
    C'est bon, j'ai le rapport

    SmitFraudFix v2.333

    Rapport fait à 19:49:36,57, 05/08/2008
    Executé à partir de D:\Program Files\Mozilla Thunderbird\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\Program Files\CDBurnerXP\NMSAccessU.exe
    D:\WINDOWS\system32\IoctlSvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\WINDOWS\system32\braviax.exe
    D:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Skype\Phone\Skype.exe
    C:\program files\steam\steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    D:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\Program Files\Mozilla Thunderbird\thunderbird.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\eMule\emule.exe
    D:\Program Files\Mozilla Thunderbird\SmitfraudFix\Policies.exe
    D:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 channels.lockergnome.com
    127.0.0.1 mobile.lockergnome.com
    127.0.0.1 microsoft.com.org
    127.0.0.1 legal-at-spybot.info
    127.0.0.1 www.legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» D:\

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\St‚phane GOMEZ

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\St‚phane GOMEZ\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\STPHAN~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{350E771A-A195-41D2-8F0D-1CC2D6641851}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{350E771A-A195-41D2-8F0D-1CC2D6641851}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{350E771A-A195-41D2-8F0D-1CC2D6641851}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    j'attends vos conseil pourl a suite

    et encore merci pour votre aide :-)
    0
  8. sherred Messages postés 8605 Statut Membre 351
     
    bonjour stéphane
    pour hijack c'est pas ce que jai demandé
    tu a du cliquer sur info
    donc je reprecise clique sur le bouton Do a system scan only
    le scan de hijack va s'afficher et une copie sous forme de fichier bloc note
    que tu peu encore retrouver sous le nom de hijackthis.log
    normalement ici C:\Program Files\Trend Micro\HijackThis\
    fait un clic droit dessus et fait " ouvrir avec" puis choisi le bloc note
    fait un copier collé
    et reposte le
    ensuite
    démarre en mode sans échec sans prise en charge du réseau"tapote la touche F8 au démarrage"

    Lance de nouveau SmitfraudFix et choisi l’option 2 en répondant OUI (o) à la question qui te sera posée

    0
  9. sherred Messages postés 8605 Statut Membre 351
     
    aprés tu refait un hijack merci

    0
  10. Stéphane GOMEZ
     
    Je pense que c'est ça :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:25:52, on 06/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20815)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\Program Files\CDBurnerXP\NMSAccessU.exe
    D:\WINDOWS\system32\IoctlSvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\WINDOWS\system32\braviax.exe
    D:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    D:\Program Files\Skype\Phone\Skype.exe
    C:\program files\steam\steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    D:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\wuauclt.exe
    C:\Dans ton Cul !!!\Telecharger d'internet\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: (no name) - {8A11BBE3-E0B5-40FB-9D86-E08A52B51B47} - (no file)
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\Windows\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKLM\..\Run: [ H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKLM\..\Run: [] øexe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
    O4 - HKLM\..\Run: [XP SecurityCenter] "D:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKCU\..\Run: [ H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKCU\..\Run: [] øexe
    O4 - HKCU\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Assistant de traduction IdiomaX.lnk = D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: https://imageshack.com/
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: xokvrpwg - {AD0AA912-C771-479C-9D0A-8D681CA5AB9E} - D:\WINDOWS\xokvrpwg.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
    0
  11. sherred Messages postés 8605 Statut Membre 351
     
    bon bah ya du boulot

    suit bien ceci

    Ouvre le bloc note et copie/colle dans ce bloc note ce qui suit.
    del D:\WINDOWS\system32\braviax.exe
    del D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

    enregistre le sous le nom de delbrav.bat sur ton bureau

    en mode sans echec
    tu redemarre hijack
    tu coche
    O4 - HKLM\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
    O4 - HKCU\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
    O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    D:\WINDOWS\system32\braviax.exe

    puis tu clic 2fois sur delbrav.bat

    tu redemarre en normale et tu me reposte un rapport hijack

    0
  12. Utilisateur anonyme
     
    bonjour a vous

    pour suivre tres interessant ce topic

    bon courage

    a+
    0
  13. sherred Messages postés 8605 Statut Membre 351
     
    ton aide est la bien venue

    je ne suis pas a l'abris d'erreur
    et je crois qu'il y a un beau bordel

    merci
    0
  14. Utilisateur anonyme
     
    je pense que xp est piraté et qu'il y a une infection msn
    0
    1. sherred Messages postés 8605 Statut Membre 351
       
      c'est quoi ces lignes ?
      O4 - HKLM\..\Run: [H„„„„„„„„„„������‚‚‚‚‚‚exe]         
      0
  15. Stéphane GOMEZ
     
    Je te fais ça ce soir en rentrant du boulot !

    Non, XP n'est pas piraté, il m'a été fourni lorsque j'ai acheté mon pc sur "rueducommerce".

    En ce qui concerne les lignes bizarres, c'est comme ça qu'elles étaient notées dans le rapport (bloc note)

    merci encore
    0
  16. Utilisateur anonyme
     
    ok

    mais j'ai vu cela

    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')

    c'est pour cela que j'ai poser la question c'est tout

    bon courage
    0
  17. Stéphane GOMEZ
     
    J'avoue que je ne comprends rien à tout ce qui est marqué dans les rapports et à quoi cela correspond donc excusez mon ignorance :-)

    stef
    0
  18. Stéphane GOMEZ
     
    Voici le rapport

    J'espère que ce n'est pas si désastreux et que l'on va enfin sortir de ce merdier !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:03:11, on 06/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20815)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\Program Files\CDBurnerXP\NMSAccessU.exe
    D:\WINDOWS\system32\IoctlSvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RocketDock\RocketDock.exe
    D:\Program Files\Skype\Phone\Skype.exe
    C:\program files\steam\steam.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: ::1 localhost
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O3 - Toolbar: (no name) - {8A11BBE3-E0B5-40FB-9D86-E08A52B51B47} - (no file)
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\Windows\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [] øexe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [XP SecurityCenter] "D:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKCU\..\Run: [ H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKCU\..\Run: [] øexe
    O4 - HKCU\..\Run: [braviax] D:\WINDOWS\system32\braviax.exe
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Assistant de traduction IdiomaX.lnk = D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: https://imageshack.com/
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: xokvrpwg - {AD0AA912-C771-479C-9D0A-8D681CA5AB9E} - D:\WINDOWS\xokvrpwg.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
    0
  19. sherred Messages postés 8605 Statut Membre 351
     
    bon c'est pas gagné
    1)................................................................................................
    Télécharge OTMoveIt2 sur ton bureau http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    Double-clique sur OTMoveIt.exe pour lancer le programme,
    Copie la ligne ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move"

    D:\WINDOWS\system32\braviax.exe

    Clique sur MoveIt! pour lancer la suppression,
    Le résultat appraraîtra dans le cadre Results.
    Clique sur Exit pour fermer le programme.
    2)................................................................................................
    Télécharge combofix.exe sur ton Bureau.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Redémarre ton PC en mode sans échec.
    Double clique combofix.exe.
    Tape sur la touche 1 (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    3.......................................................................................................

    MalwareBytes' Anti-Malware

    Passe un coup de MalwareBytes' Anti-Malware : met-le à jour avant, puis effectue le scan en( mode sans échec) et nettoye tout ce qu'il trouve.
    http://site-naheulbeuk.com/
    Tuto : http://mickael.barroux.free.fr/securite/malwarebytes.php
    4............................................................................
    reposte un rapport Hijack
    0
  20. Stéphane GOMEZ
     
    Rapport combofix

    ComboFix 08-08-06.02 - Administrateur 2008-08-07 7:23:22.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1763 [GMT 2:00]
    Endroit: C:\Dans ton Cul !!!\Telecharger d'internet\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    [color=red]D:\WINDOWS\system32\dllcache\beep.sys[/color]
    [color=red]D:\WINDOWS\system32\drivers\beep.sys[/color]
    D:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter
    D:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter\Uninstall.lnk
    D:\Documents and Settings\All Users\Menu Démarrer\Programmes\XPSecurityCenter\XPSecurityCenter.lnk
    D:\Documents and Settings\Stéphane GOMEZ\Local Settings\Temporary Internet Files\iduramito.lib
    D:\Program Files\PCHealthCenter
    D:\Program Files\PCHealthCenter\[u]0[/u].exe
    D:\Program Files\PCHealthCenter\[u]0[/u].gif
    D:\Program Files\PCHealthCenter\1.exe
    D:\Program Files\PCHealthCenter\1.gif
    D:\Program Files\PCHealthCenter\2.exe
    D:\Program Files\PCHealthCenter\2.gif
    D:\Program Files\PCHealthCenter\3.exe
    D:\Program Files\PCHealthCenter\3.gif
    D:\Program Files\PCHealthCenter\4.exe
    D:\Program Files\PCHealthCenter\5.exe
    D:\Program Files\PCHealthCenter\7.exe
    D:\Program Files\PCHealthCenter\sex1.ico
    D:\Program Files\PCHealthCenter\sex2.ico
    D:\Program Files\VAV
    D:\Program Files\VAV\vav.cpl
    D:\Program Files\VAV\vav.ooo
    D:\Program Files\VAV\vav0.dat
    D:\Program Files\VAV\vav1.dat
    D:\Program Files\XPSecurityCenter
    D:\Program Files\XPSecurityCenter\data\daily.cvd
    D:\Program Files\XPSecurityCenter\htmlayout.dll
    D:\Program Files\XPSecurityCenter\install.exe
    D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
    D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
    D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
    D:\Program Files\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
    D:\Program Files\XPSecurityCenter\pthreadVC2.dll
    D:\Program Files\XPSecurityCenter\un.ico
    D:\Program Files\XPSecurityCenter\unzip32.dll
    D:\Program Files\XPSecurityCenter\wscui.cpl
    D:\Program Files\XPSecurityCenter\XP_SecurityCenter.cfg
    D:\Program Files\XPSecurityCenter\XPSecurityCenter.dll
    D:\WINDOWS\ebdx.exe
    D:\WINDOWS\system32\dllcache\figaro.sys
    D:\WINDOWS\system32\ljJDVnlK.dll
    D:\WINDOWS\system32\sex2.ico

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_tdssserv

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-07 07:29 . 2008-08-07 07:29 <REP> d-------- D:\WINDOWS\system32\xircom
    2008-08-07 07:29 . 2008-08-07 07:29 <REP> d-------- D:\WINDOWS\system32\oobe
    2008-08-07 07:29 . 2008-08-07 07:29 <REP> d-------- D:\Program Files\microsoft frontpage
    2008-08-05 19:50 . 2008-08-06 07:35 5,292 --a------ D:\WINDOWS\system32\tmp.reg
    2008-08-04 23:33 . 2007-01-18 14:00 3,968 --a------ D:\WINDOWS\system32\drivers\AvgArCln.sys
    2008-08-04 23:26 . 2008-08-04 23:26 19,591 --a------ D:\Documents and Settings\All Users\Application Data\ybeso.scr
    2008-08-04 21:01 . 2008-08-04 21:07 217 --a------ D:\WINDOWS\system32\tdssservers.da_
    2008-08-04 20:25 . 2008-08-04 21:07 32,768 --a------ D:\WINDOWS\system32\tdssadw.dl_
    2008-08-04 20:25 . 2008-08-04 21:07 10,240 --a------ D:\WINDOWS\system32\tdsslog.dl_
    2008-08-04 20:25 . 2008-08-04 21:07 9,216 --a------ D:\WINDOWS\system32\tdssmain.dl_
    2008-08-04 20:25 . 2008-08-04 23:35 7,652 --a------ D:\WINDOWS\system32\tdssinit.dl_
    2008-08-04 20:24 . 2008-08-04 21:07 32,768 --a------ D:\WINDOWS\system32\drivers\tdssserv.sy_
    2008-08-04 20:24 . 2008-08-04 21:07 14,848 --a------ D:\WINDOWS\system32\tdssl.dl_
    2008-08-04 20:23 . 2008-08-04 18:24 86,016 --a------ D:\WINDOWS\lnvegaow.exe
    2008-08-04 20:11 . 2008-08-04 20:11 244 --ah----- D:\sqmnoopt02.sqm
    2008-08-04 20:11 . 2008-08-04 20:11 232 --ah----- D:\sqmdata02.sqm
    2008-08-03 00:09 . 2008-08-03 00:09 <REP> d-------- D:\Program Files\Apple Software Update
    2008-08-03 00:09 . 2008-08-03 00:09 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Apple
    2008-07-31 22:29 . 2004-03-29 17:23 90,112 --a------ D:\WINDOWS\unvise32.exe
    2008-07-25 10:00 . 2008-07-25 10:00 <REP> d-------- D:\Documents and Settings\Choupette\Application Data\Nero
    2008-07-25 08:48 . 2008-06-20 12:44 360,960 --------- D:\WINDOWS\system32\dllcache\tcpip.sys
    2008-07-25 08:48 . 2008-06-20 19:37 247,808 --------- D:\WINDOWS\system32\dllcache\mswsock.dll
    2008-07-25 08:48 . 2008-06-20 11:32 225,920 --------- D:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-07-25 08:48 . 2008-06-20 12:44 138,368 --------- D:\WINDOWS\system32\dllcache\afd.sys
    2008-07-25 08:48 . 2006-08-16 14:13 100,352 --------- D:\WINDOWS\system32\dllcache\6to4svc.dll
    2008-07-23 21:58 . 2008-08-06 00:16 69 --a------ D:\WINDOWS\NeroDigital.ini
    2008-07-23 21:44 . 2008-07-23 21:44 <REP> d-------- D:\Program Files\NeroInstall.bak
    2008-07-23 15:00 . 2008-07-31 21:00 54,156 --ah----- D:\WINDOWS\QTFont.qfn
    2008-07-23 15:00 . 2008-07-23 15:00 1,409 --a------ D:\WINDOWS\QTFont.for
    2008-07-22 20:55 . 2007-04-09 13:23 28,040 --a------ D:\WINDOWS\system32\mdimon.dll
    2008-07-22 20:53 . 2008-07-22 20:54 <REP> d-------- D:\WINDOWS\SHELLNEW
    2008-07-22 20:53 . 2008-07-22 20:53 <REP> d-------- D:\Program Files\Microsoft.NET
    2008-07-21 17:53 . 2008-07-21 17:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\MumboJumbo
    2008-07-21 16:08 . 2008-07-21 16:08 8,192 --a------ D:\WINDOWS\REGLOCS.OLD

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-07 05:04 --------- d-----w D:\Program Files\Mozilla Thunderbird
    2008-08-04 21:26 17,732 ----a-w D:\WINDOWS\miqyd.bat
    2008-08-04 21:26 16,956 ----a-w D:\WINDOWS\jogo.pif
    2008-08-04 21:26 16,910 ----a-w D:\WINDOWS\migem.vbs
    2008-08-04 21:26 12,056 ----a-w D:\WINDOWS\agexit.bin
    2008-08-04 21:26 10,787 ----a-w D:\WINDOWS\bekexo.vbs
    2008-08-04 18:49 --------- d-----w D:\Documents and Settings\Choupette\Application Data\Skype
    2008-08-04 18:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-08-04 16:35 --------- d-----w D:\Documents and Settings\Choupette\Application Data\skypePM
    2008-08-02 22:10 --------- d-----w D:\Program Files\QT Lite
    2008-07-31 14:54 --------- d-----w D:\Documents and Settings\All Users\Application Data\TrackMania
    2008-07-24 13:52 --------- d-----w D:\Program Files\Vimicro
    2008-07-23 19:42 --------- d-----w D:\Program Files\Fichiers communs\Nero
    2008-07-23 19:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Nero
    2008-07-22 18:53 --------- d-----w D:\Program Files\Windows Messaging
    2008-07-21 09:20 --------- d-----w D:\Program Files\Java
    2008-07-05 20:53 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-07-05 19:17 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
    2008-07-02 16:39 --------- d-----w D:\Program Files\Windows Live Safety Center
    2008-06-20 10:44 360,960 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w D:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:32 225,920 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 18:33 --------- d-----w D:\Documents and Settings\Choupette\Application Data\Syntrillium
    2008-06-17 05:27 --------- d-----w D:\Program Files\Fichiers communs\IdiomaX Uninstall
    2008-06-17 05:27 --------- d-----w D:\Program Files\Fichiers communs\IdiomaX Shared
    2008-06-17 05:26 --------- d-----w D:\Program Files\IdiomaX
    2008-06-14 17:59 272,768 ------w D:\WINDOWS\system32\drivers\bthport.sys
    2008-06-07 19:22 --------- d-----w D:\Documents and Settings\All Users\Application Data\Codemasters
    2008-06-07 14:45 --------- d-----w D:\Program Files\OpenAL
    2008-04-07 21:24 15,397 -c--a-w D:\Program Files\settings.dat
    2008-02-03 21:38 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
    2006-05-03 10:06 163,328 --sh--r D:\WINDOWS\system32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r D:\WINDOWS\system32\msfDX.dll
    2007-12-17 13:43 27,648 --sh--w D:\WINDOWS\system32\Smab0.dll
    2008-02-04 19:26 151,040 --sh--w D:\WINDOWS\system32\VistaUltm.dll
    .

    ------- Sigcheck -------

    2007-12-18 04:04 507904 fb66744d525ea5df9a719f1db9b2dff4 D:\WINDOWS\system32\winlogon.exe

    2007-12-18 04:04 182656 bc84c4f67d0e880b0c46dc0ce2b8cbaa D:\WINDOWS\system32\drivers\ndis.sys

    2007-12-18 04:04 2437632 61381c1b4c0374569fbbf20ff9be199c D:\WINDOWS\system32\ntkrnlpa.exe

    2007-12-18 04:04 2302976 eb0349334ecad45736daf747222b0f0d D:\WINDOWS\system32\ntoskrnl.exe

    2007-12-18 04:04 1789952 addc47dfd517f2143d71e9310e414b50 D:\WINDOWS\explorer.exe

    2007-12-18 04:04 25088 43836cffabac8d6779e8ee55e308df2c D:\WINDOWS\system32\ctfmon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H„„„„„„„„„„‚‚‚‚‚‚exe"=" H„„„„„„„„„„‚‚‚‚‚‚exe" [X]
    " H„„„„„„„„„„‚‚‚‚‚‚exe"=" H„„„„„„„„„„‚‚‚‚‚‚exe" [X]
    "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2007-12-18 04:04 25088]
    "RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-19 01:05 630784]
    "Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
    "Steam"="c:\program files\steam\steam.exe" [2008-03-28 08:07 1271032]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 17:07 1828136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
    "WebcamMaxMoniter"="C:\Program Files\WebcamMax\wcmmon.exe" [2007-09-16 07:15 450048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
    "NeroFilterCheck"="D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "RTHDCPL"="RTHDCPL.EXE" [2007-06-13 15:49 16377344 D:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_2"="shell32" [X]
    "TSClientMSIUninstaller"="D:\WINDOWS\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-12-18 04:04 12451]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoSMHelp"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420"= i420vfw.dll
    "VIDC.ACDV"= ACDV.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "D:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "D:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\TrackMania United\\TmUnited.exe"=
    "D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
    "C:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "D:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"=
    "C:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
    "D:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R0 Si3124;Si3124;D:\WINDOWS\system32\drivers\Si3124.sys [2007-12-18 04:04]
    R0 Si3132r5;Si3132r5;D:\WINDOWS\system32\drivers\Si3132r5.sys [2007-12-18 04:04]
    R0 Si3531;Si3531;D:\WINDOWS\system32\drivers\Si3531.sys [2007-12-18 04:04]
    R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
    R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
    R2 NMSAccessU;NMSAccessU;c:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;D:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 23:38]
    R3 usbstor;Pilote de stockage de masse USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 01:58]
    S2 CamthWDM;WebcamMax, WDM Video Capture;D:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-10-06 10:38]
    S3 usbscan;Pilote de scanneur USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S4 Boonty Games;Boonty Games;D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-05-25 23:15]

    *Newly Created Service* - HELPSVC
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

    2008-08-06 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-08-07 D:\WINDOWS\Tasks\MP Scheduled Scan.job
    - D:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SaveLinksOrder - (no file)
    Toolbar-Locked - (no file)
    Toolbar-{8A11BBE3-E0B5-40FB-9D86-E08A52B51B47} - (no file)
    Toolbar-ITBarLayout - (no file)
    Toolbar-ITBarLayout - (no file)
    Toolbar-ITBar7Layout - (no file)
    Toolbar-ITBar7Position - (no file)
    HKCU-Run-| - (no file)
    HKLM-Run-Sidebar - C:\Program Files\Windows Sidebar\sidebar.exe
    HKLM-Run-UberIcon - C:\Program Files\UberIcon\UberIcon Manager.exe
    HKLM-Run-VisualTaskTips - C:\Windows\System32\VisualTaskTips.exe
    HKLM-Run-Vistadrv - C:\Windows\system32\Vistadrive\vsdrv.exe
    HKLM-Run-Styler - C:\Program Files\styler\Styler.exe
    HKLM-Run-XP SecurityCenter - D:\Program Files\XPSecurityCenter\XPSecurityCenter.exe
    HKLM-Run-| - (no file)

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - D:\Documents and Settings\Stéphane GOMEZ\Application Data\Mozilla\Firefox\Profiles\p70frfya.default\

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-07 07:31:02
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: D:\WINDOWS\explorer.exe
    -> C:\Program Files\RocketDock\RocketDock.dll
    -> ?:\WINDOWS\System32\CSCDLL.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\WINDOWS\system32\ati2evxx.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    D:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    D:\Program Files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-07 7:34:31 - machine was rebooted [St‚phane GOMEZ]
    ComboFix-quarantined-files.txt 2008-08-07 05:34:28

    Pre-Run: 2,694,410,240 octets libres
    Post-Run: 3,082,665,984 octets libres

    281 --- E O F --- 2008-08-07 01:54:35
    0
  21. Stéphane GOMEZ
     
    Rapport Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:37, on 2008-08-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20815)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\Program Files\CDBurnerXP\NMSAccessU.exe
    D:\WINDOWS\system32\IoctlSvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    D:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\RocketDock\RocketDock.exe
    D:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    D:\Program Files\Skype\Plugin Manager\skypePM.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - D:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKCU\..\Run: [ H„„„„„„„„„„‚‚‚‚‚‚exe] H„„„„„„„„„„‚‚‚‚‚‚exe
    O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Assistant de traduction IdiomaX.lnk = D:\Program Files\IdiomaX\Translation Assistant 4.0\TrasWord.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\office\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: https://imageshack.com/
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Indexing Service (CiSvc) - Unknown owner - D:\WINDOWS\system32\cisvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - c:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - D:\Program Files\Viewpoint\Common\ViewpointService.exe
    0
    1. sherred Messages postés 8605 Statut Membre 351
       
      bon bah voila une chose qu'elle est bonne
      continue avec les conseils de shion-ares,
      tiens moi au courant de l'évolution
      0
  • 1
  • 2