TR/DLDR.Fraudloa.NC probleme

Résolu
BoBby_SpOKe -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, j'ai eu le virus antivirus xp 2008 hier soir, et j'ai du utiliser un autre ordinateur pour télécharger malwarebytes , que j'ai transféré par clé usb sur mon pc infecté (chaque recherche internet était redirigée vers un site bidon). je n'ai plus l'antivirus xp 2008 après utilisation de malwarebytes, mais a la place, mon antivirus (avira antivir) détecte TR/DLDR.Fraudloa.NC a chaque démarrage de page internet. J'ai lancé hijackthis, mais je voudrais savoir quoi faire. Merci d'avance

PS: voici le rapport Hijackthis après avoir fait un system scan + log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:55, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 222.111.150.111 gwgt1.joymax.com
O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
O1 - Hosts: 121.128.133.27 gwgt1.joymax.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4907BCC3-32A2-43AC-A032-41CC221339FE}: NameServer = 192.168.1.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Configuration: Windows XP
Firefox 3.0.1

28 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    vire ce qui est en quarantaine dans antivir

    ______________

    Télécharge RavAntivirus d'Evosla :
    http://ww25.evosla.com/compteur.php?soft=rav_antivirus

    # Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
    # Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
    # Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
    # Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
    # Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
    # Retire tes disques amovibles et redémarrez votre ordinateur.
    # Poste le rapport, si infection!

    ________________

    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    1
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt effectivement tu es détourné

    # télécharger Hoster :
    http://www.funkytoad.com/download/HostsXpert.zip

    # Dézipper le dossier sur le bureau.
    # Lancer Hoster et cliquer sur Restore Microsoft's Hosts File

    recolles ensuite un hijackthis et un rapport antivir
    0
  3. BoBby_SpOKe
     
    Maintenant je peux naviguer sur le net sans probleme, y'a plus de detournement d'adresse. Mais le virus ne se fait détecter que lorsque je lance firefox, pas IE. Donc qu'est ce que je fais? Je fais quand meme ce que tu me dis?
    0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui tu fais
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Salut jlpjlp

    Ah, les coquins ==> jamais décidés à faire ce qu'on leur recommande !

    Al.
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      slt, Al.
      0
  7. BoBby_SpOKe
     
    voila hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:26:36, on 30/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Nico\Mes documents\GBA\VisualBoyAdvance.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4907BCC3-32A2-43AC-A032-41CC221339FE}: NameServer = 192.168.1.1
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  8. BoBby_SpOKe
     
    j'ai oublié de copier coller: le voici

    Avira AntiVir Personal
    Report file date: samedi 30 août 2008 16:27

    Scanning for 1582788 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NICO-D34E090861

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 22/07/2008 17:50:18
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 22/07/2008 17:50:18
    LUKE.DLL : 8.1.4.5 164097 Bytes 22/07/2008 17:50:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 22/07/2008 17:50:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:39:03
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 10:35:11
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 15:19:43
    ANTIVIR3.VDF : 7.0.6.92 195584 Bytes 29/08/2008 19:50:01
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 19/04/2008 12:45:57
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 20/08/2008 11:18:14
    AESCN.DLL : 8.1.0.23 119156 Bytes 15/07/2008 16:17:10
    AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 11:44:47
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 16:17:09
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 20/08/2008 11:18:13
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 20/08/2008 11:18:12
    AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 15:19:25
    AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 11:18:07
    AEEMU.DLL : 8.1.0.7 430452 Bytes 08/08/2008 20:56:16
    AECORE.DLL : 8.1.1.8 172406 Bytes 08/08/2008 20:56:14
    AEBB.DLL : 8.1.0.1 53617 Bytes 22/07/2008 17:50:23
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 22/07/2008 17:50:18
    AVPREF.DLL : 8.0.2.0 38657 Bytes 22/07/2008 17:50:18
    AVREP.DLL : 8.0.0.2 98344 Bytes 08/08/2008 20:56:12
    AVREG.DLL : 8.0.0.1 33537 Bytes 22/07/2008 17:50:18
    AVARKT.DLL : 1.0.0.23 307457 Bytes 19/04/2008 12:45:52
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 22/07/2008 17:50:18
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 19/04/2008 12:45:55
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 22/07/2008 17:50:21
    NETNT.DLL : 8.0.0.1 7937 Bytes 19/04/2008 12:45:54
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 22/07/2008 17:48:58
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 22/07/2008 17:48:58

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: quarantine
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: high
    Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR,

    Start of the scan: samedi 30 août 2008 16:27

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'VisualBoyAdvance.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    39 processes with 39 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '51' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Nico\Local Settings\Temp\.tt2.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '492d5bbb.qua'!
    C:\Documents and Settings\Nico\Local Settings\Temp\.tt4.tmp.vbs
    [DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
    [NOTE] The file was moved to '48ad253c.qua'!
    C:\Program Files\DotA Gaming Network\dprotect.dc
    [DETECTION] Contains recognition pattern of the WORM/SdBot.BMAC worm
    [NOTE] The file was moved to '492b7ae8.qua'!
    C:\Program Files\DotA Gaming Network\plug-ins\abypass.dsp
    [DETECTION] This file has been compressed using unusual runtime compression (PCK/UltraProt). Please verify the origin of this file.
    [NOTE] The file was moved to '49327adb.qua'!
    C:\System Volume Information\_restore{4630D8C2-3217-4A63-8FA5-DAA373357367}\RP0\A0000010.dll
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '48e97ea1.qua'!
    C:\System Volume Information\_restore{4630D8C2-3217-4A63-8FA5-DAA373357367}\RP0\A0000011.sys
    [DETECTION] Is the TR/Peed.A.732 Trojan
    [NOTE] The file was moved to '48e97ea2.qua'!
    C:\WINDOWS\system32\12.tmp
    [DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
    [NOTE] The file was moved to '48e78069.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    End of the scan: samedi 30 août 2008 19:18
    Used time: 2:51:21 Hour(s)

    The scan has been done completely.

    6655 Scanning directories
    206366 Files were scanned
    6 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    7 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    206356 Files not concerned
    2391 Archives were scanned
    3 Warnings
    7 Notes
    0
  9. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Salut jlpjlp,

    Dans ANTIVIR, je lis ceci: Search for rootkits..............: off
    L'internaute devait activer la recherche de ROOTKITS.

    Bien fait de suivre avec l'anti-rootkits.

    Al.
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    EXACT tu as toujours l'oeil aussi affuté!!!

    pour activer l'antirootkit : aller dans CONFIGURATION puis EXPERT MODE puis SCAN et cocher la case SEARCH FOR ROOTKIT...
    0
  11. BoBby_SpOKe
     
    J'ai téléchargé service pack 3 entre temps, et ravantivirus m'a indiqué depuis le début: "votre ordinateur est sain". je l'ai coupé au bout de 2 minutes pour lancé antivir avec recherche de rootkits activée.
    j'ai viré les fichiers en quarantaine dans antivir. Voila, j'attends la fin du scan antivir et je ferai un scan malwarebytes et je vous donnes les logs. merci d'avance
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    0
  13. BoBby_SpOKe
     
    j'ai donc fini le scan antivir avec rootkits activé.

    voici le log :

    Avira AntiVir Personal
    Report file date: dimanche 31 août 2008 10:34

    Scanning for 1582788 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: NICO-D34E090861

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 22/07/2008 17:50:18
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 22/07/2008 17:50:18
    LUKE.DLL : 8.1.4.5 164097 Bytes 22/07/2008 17:50:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 22/07/2008 17:50:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:39:03
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 10:35:11
    ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 15:19:43
    ANTIVIR3.VDF : 7.0.6.92 195584 Bytes 29/08/2008 19:50:01
    Engineversion : 8.1.1.23
    AEVDF.DLL : 8.1.0.5 102772 Bytes 19/04/2008 12:45:57
    AESCRIPT.DLL : 8.1.0.68 315770 Bytes 20/08/2008 11:18:14
    AESCN.DLL : 8.1.0.23 119156 Bytes 15/07/2008 16:17:10
    AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 11:44:47
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 16:17:09
    AEOFFICE.DLL : 8.1.0.22 192890 Bytes 20/08/2008 11:18:13
    AEHEUR.DLL : 8.1.0.50 1388918 Bytes 20/08/2008 11:18:12
    AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 15:19:25
    AEGEN.DLL : 8.1.0.36 315764 Bytes 20/08/2008 11:18:07
    AEEMU.DLL : 8.1.0.7 430452 Bytes 08/08/2008 20:56:16
    AECORE.DLL : 8.1.1.8 172406 Bytes 08/08/2008 20:56:14
    AEBB.DLL : 8.1.0.1 53617 Bytes 22/07/2008 17:50:23
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 22/07/2008 17:50:18
    AVPREF.DLL : 8.0.2.0 38657 Bytes 22/07/2008 17:50:18
    AVREP.DLL : 8.0.0.2 98344 Bytes 08/08/2008 20:56:12
    AVREG.DLL : 8.0.0.1 33537 Bytes 22/07/2008 17:50:18
    AVARKT.DLL : 1.0.0.23 307457 Bytes 19/04/2008 12:45:52
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 22/07/2008 17:50:18
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 19/04/2008 12:45:55
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 22/07/2008 17:50:21
    NETNT.DLL : 8.0.0.1 7937 Bytes 19/04/2008 12:45:54
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 22/07/2008 17:48:58
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 22/07/2008 17:48:58

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: quarantine
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: high
    Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR,

    Start of the scan: dimanche 31 août 2008 10:34

    Starting search for hidden objects.
    '53779' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'soundman.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    35 processes with 35 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '52' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!

    End of the scan: dimanche 31 août 2008 11:44
    Used time: 1:10:04 Hour(s)

    The scan has been done completely.

    6762 Scanning directories
    233964 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    233961 Files not concerned
    2542 Archives were scanned
    3 Warnings
    0 Notes
    53779 Objects were scanned with rootkit scan
    0 Hidden objects were found

    puis un scan malwarebytes:
    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1097
    Windows 5.1.2600 Service Pack 3

    13:34:53 31/08/2008
    mbam-log-08-31-2008 (13-34-53).txt

    Type de recherche: Examen complet (C:\|G:\|)
    Eléments examinés: 102983
    Temps écoulé: 1 hour(s), 45 minute(s), 3 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Voila j'attends de nouvelles directives :)
    (malwarebytes n'a rien détecté mais j'ai eu une alerte d'antivir contre un virus et j'ai fait deny access)
    0
  14. BoBby_SpOKe
     
    j'ai aussi fait un nettoyage c-cleaner + fixé les erreurs du registre. J'ai comme virus détecté maintenant: RD.Dldr.small.acod, auquel je fais access deny.
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge Combofix de sUBs : . aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t12­1.htm

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  16. BoBby_SpOKe
     
    voila le rapport combofix, par contre, y'a pas eu de question de combofix, ca m'a dit qu'il n'arrivait pas a ouvrir un fichier ( et il s'est quand meme lancé. je suppose que ca vient du fait que je l'ai pas bien renommé)

    ComboFix 08-08-30.03 - Nico 2008-08-31 14:59:54.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.91 [GMT 2:00]
    Endroit: C:\Documents and Settings\Nico\Bureau\conbautphykse.exe
    * Création d'un nouveau point de restauration
    * Resident AV is active

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\DOCUME~1\Nico\LOCALS~1\Temp\tmp2.tmp
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
    C:\Documents and Settings\Nico\Application Data\macromedia\Flash Player\#SharedObjects\NPJFSW5Q\bin.clearspring.com
    C:\Documents and Settings\Nico\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\WINDOWS\system32\a.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_TDSSSERV
    -------\Service_TDSSserv

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-31 ))))))))))))))))))))))))))))))))))))
    .

    2008-08-31 10:29 . 2008-08-31 10:29 173 --a------ C:\curr_ver.tmp
    2008-08-31 01:49 . 2008-08-31 01:49 <REP> d-------- C:\WINDOWS\system32\fr
    2008-08-31 01:49 . 2008-08-31 01:49 <REP> d-------- C:\WINDOWS\system32\bits
    2008-08-31 01:49 . 2008-08-31 01:49 <REP> d-------- C:\WINDOWS\l2schemas
    2008-08-31 01:44 . 2008-08-31 01:49 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2008-08-31 01:29 . 2008-08-31 01:29 <REP> d-------- C:\WINDOWS\EHome
    2008-08-30 20:27 . 2004-08-03 22:41 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
    2008-08-30 20:25 . 2004-08-04 00:38 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
    2008-08-30 15:22 . 2008-08-30 15:22 <REP> d-------- C:\Program Files\Trend Micro
    2008-08-30 11:45 . 2008-08-30 12:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-30 11:45 . 2008-08-30 11:45 <REP> d-------- C:\Documents and Settings\Nico\Application Data\Malwarebytes
    2008-08-30 11:45 . 2008-08-30 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-08-30 11:45 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-30 11:45 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-27 17:16 . 2008-08-27 17:16 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-07-31 12:45 . 2008-07-31 12:46 <REP> d-------- C:\Program Files\Orange
    2008-07-31 12:44 . 2008-07-31 12:44 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
    2008-07-31 12:38 . 2008-07-31 12:38 <REP> d-------- C:\Program Files\SAGEM
    2008-07-29 18:57 . 2008-07-29 18:59 <REP> d-------- C:\WINDOWS\oioi1
    2008-07-29 18:57 . 2008-07-29 18:57 152,576 --a------ C:\WINDOWS\system32\cncs32.dll
    2008-07-29 18:57 . 2008-07-29 18:57 18 --a------ C:\WINDOWS\cnc.ini
    2008-07-27 18:31 . 2008-07-27 18:33 <REP> d-------- C:\UnrealTournament
    2008-07-24 20:36 . 2008-07-24 20:36 <REP> d-------- C:\Program Files\Intel
    2008-07-24 20:36 . 2008-05-01 16:35 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
    2008-07-24 20:35 . 2008-07-24 20:35 <REP> d-------- C:\Intel
    2008-07-24 20:33 . 2008-07-24 20:33 <REP> d-------- C:\WINDOWS\OPTIONS
    2008-07-24 20:33 . 2008-07-24 20:33 <REP> d-------- C:\Program Files\Realtek
    2008-07-24 20:33 . 2008-02-25 20:54 105,088 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
    2008-07-24 20:09 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-07-24 20:08 . 2008-01-24 16:36 4,127,488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys
    2008-07-24 20:07 . 2008-07-24 20:08 <REP> d-------- C:\Program Files\Realtek AC97
    2008-07-24 20:07 . 2006-11-17 05:40 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl
    2008-07-24 20:07 . 2006-12-08 15:20 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2008-07-24 20:07 . 2007-04-16 15:28 577,536 --a------ C:\WINDOWS\soundman.exe
    2008-07-24 20:07 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe
    2008-07-24 20:07 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\Alcrmv.exe
    2008-07-24 20:07 . 2006-10-18 02:53 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2008-07-24 20:07 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
    2008-07-24 20:01 . 2008-07-24 20:01 92 --a------ C:\WINDOWS\CMISETUP.INI
    2008-07-24 20:01 . 2008-07-24 20:01 26 --a------ C:\WINDOWS\CMCDPLAY.INI
    2008-07-24 20:01 . 2008-07-24 20:01 0 --a------ C:\WINDOWS\Wininit.ini
    2008-07-24 20:00 . 2008-07-24 20:00 <REP> d-------- C:\Program Files\C-Media 3D Audio
    2008-07-24 20:00 . 2003-08-05 14:23 266,240 --a------ C:\WINDOWS\CMIUninstall.exe
    2008-07-24 20:00 . 2003-07-22 11:15 225,280 --a------ C:\WINDOWS\CmiRmRedundDir.exe
    2008-07-24 20:00 . 2002-10-18 15:56 28,672 --a------ C:\WINDOWS\CMIRmDriver.dll
    2008-07-22 20:39 . 2008-07-22 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-07-22 20:35 . 2008-08-31 15:11 89,134 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-07-22 20:34 . 2008-07-22 20:37 <REP> d-------- C:\WINDOWS\nview
    2008-07-22 20:34 . 2006-11-17 17:29 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-07-22 20:34 . 2006-11-17 17:29 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-07-22 20:33 . 2006-11-17 19:21 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-07-22 20:32 . 2008-07-22 20:32 <REP> d-------- C:\NVIDIA
    2008-07-22 20:20 . 2008-07-22 20:20 <REP> d-------- C:\Program Files\ma-config.com
    2008-07-22 20:20 . 2008-07-24 20:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com
    2008-07-11 15:15 . 2008-08-31 15:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-11 15:15 . 2008-07-11 15:15 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-31 10:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-08-30 16:51 --------- d-----w C:\Program Files\DotA Gaming Network
    2008-08-29 22:21 --------- d-----w C:\Program Files\Windows Live
    2008-08-29 22:09 --------- d-----w C:\Program Files\Google
    2008-08-29 21:56 --------- d-----w C:\Program Files\Warcraft III
    2008-08-29 20:20 --------- d-----w C:\Program Files\mIRC
    2008-08-29 19:48 --------- d-----w C:\Documents and Settings\Nico\Application Data\teamspeak2
    2008-08-22 18:50 --------- d-----w C:\Documents and Settings\Nico\Application Data\Skype
    2008-07-31 10:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-30 13:51 --------- d-----w C:\Documents and Settings\Nico\Application Data\dvdcss
    2008-07-30 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-29 11:01 --------- d-----w C:\Program Files\Apple Software Update
    2007-01-08 20:56 17,144 -c--a-w C:\Documents and Settings\Nico\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 22:20 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-22 19:50 266497]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23 75520]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 17:40 155648]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 17:29 7700480]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-17 17:29 86016]
    "nwiz"="nwiz.exe" [2006-11-17 17:29 1622016 C:\WINDOWS\system32\nwiz.exe]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
    backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
    backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
    backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    --a--c--- 2007-04-04 00:29 165784 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2004-09-13 16:49 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    -----c--- 2005-07-25 12:01 1397760 C:\Program Files\Ahead\InCD\InCD.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=

    R0 sfdrv01;StarForce Protection Environment Driver (version 1.x);C:\WINDOWS\system32\drivers\sfdrv01.sys [2005-08-10 14:44]
    R0 sfhlp02;StarForce Protection Helper Driver (version 2.x);C:\WINDOWS\system32\drivers\sfhlp02.sys [2005-05-16 15:20]
    R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys [2005-11-03 16:40]
    R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-07-22 19:50]
    R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 15:09]
    R2 irda;Protocole IrDA;C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 20:54]
    R2 Irmon;Moniteur infrarouge;C:\WINDOWS\system32\svchost.exe [2008-04-14 04:34]
    R2 NVSvc;NVIDIA Display Driver Service;C:\WINDOWS\system32\nvsvc32.exe [2006-11-17 17:29]
    R2 StarWindServiceAE;StarWind AE Service;C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 18:57]
    R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys [2006-06-26 12:15]
    R3 irsir;Pilote série infrarouge Microsoft;C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 23:51]
    R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-10-21 14:31]
    R3 LMouKE;Logitech SetPoint Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-10-21 14:30]
    R3 Rasirda;Miniport réseau étendu (IrDA);C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 23:51]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 20:54]
    S3 driverhardwarev2;driverhardwarev2;C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-06-26 09:16]
    S3 ldiskl;ldiskl;C:\DOCUME~1\Nico\LOCALS~1\Temp\ldiskl.sys []
    S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13]
    S3 NdisIP;Connection TV/vidéo Microsoft;C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 20:46]
    S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 19:31]
    S3 SLIP;Détrameur décalage BDA;C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 20:46]
    S3 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-04-19 17:35]
    S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-10-31 15:09]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl
    Notify-WgaLogon - (no file)

    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Nico\Application Data\Mozilla\Firefox\Profiles\gkmlb2ht.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
    FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
    FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
    FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
    FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-31 15:07:15
    Windows 5.1.2600 Service Pack 3 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-08-31 15:16:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-08-31 13:16:43

    Pre-Run: 25,716,310,016 octets libres
    Post-Run: 25,842,061,312 octets libres

    220 --- E O F --- 2008-02-13 11:45:39
    0
  17. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    parfait recolles un rapport hijackhjtis et dis tes soucis
    0
  18. BoBby_SpOKe
     
    voila le log hijackthis. avant le combofix, j'avais eu des alertes étranges, comme de tr.dldr.small.acod. je ne sais pas si je l'ai encore. et la(après combofix) j'ai eu l'impression que l'ordi a mis du temps a se mettre opérationnel après démarrage.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:39:50, on 31/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4907BCC3-32A2-43AC-A032-41CC221339FE}: NameServer = 192.168.1.1
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    _________________________

    Mettre a jour java:
    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    mettre à jour adobe reader
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    ________________________
    vire combofix de ton ordi ( il a viré antivirus XP 2008 responsable de tes plantages!)

    _________________________

    si plus de souci c'est bon!!!

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0
  20. BoBby_SpOKe
     
    Ah , et bien merci beaucoup. j'ai quelques questions
    Les lignes que j'ai fixé avec hijackthis correspondait a quoi? C'était quoi en gros la merde sur mon ordinateur? et pourquoi je dois pas supprimer combofix de l'ordinateur? c'est mauvais?
    J'ai installé flash player 11, mais il me proposait norton scan a installé: j'ai refusé==> est ce que j'ai bien fait?
    j'installe adobe reader 9 maintenant.

    j'avais aussi un problème: quand je quitte le jeu warcraft 3 frozen throne, mon ordinateur redémarrait irrémédiablement, comme si j'appuyais sur reset juste après avoir cliquer sur "quitter le jeu". est ce que tu saurais d'où viens ce problème? J'ai pas réessayé depuis le nettoyage du pc, mais j'ai pas envie de tenter , et ensuite d'avoir a tout retaper ce message :).
    Donc je vais tester et je préviens si c'est devenu normal niveau warcraft3.
    0
  • 1
  • 2