Erreur processing...
zouav
-
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
voila j'ai un petit soucis quand j'essaie de lancer spybot,
celui si s'arrete presque aussitot avec le message suivant
windows pas de disque
exception processing message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c
voivi mon rapport hi jack si quelqu'un peut m'aider .
par avance merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:54, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\system32\RunDll32.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\Program Files\Wanadoo\Watch.exe
I:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
I:\Documents and Settings\nico\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy B
voila j'ai un petit soucis quand j'essaie de lancer spybot,
celui si s'arrete presque aussitot avec le message suivant
windows pas de disque
exception processing message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c
voivi mon rapport hi jack si quelqu'un peut m'aider .
par avance merci
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:54, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\system32\RunDll32.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\Program Files\Wanadoo\Watch.exe
I:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
I:\Documents and Settings\nico\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy B
Configuration: Windows XP Firefox 3.0.1
20 réponses
-
Salut !!
ton rapport hijackthis est incomplet :s -
Comment copier/coller le rapport :
Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".
ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.
Une explication des raccourcis clavier sont illustrés à cette adresse :
https://www.androidworld.fr/ -
ok désolé
voilli
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:47:54, on 10/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\system32\RunDll32.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\Program Files\Wanadoo\Watch.exe
I:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
I:\Documents and Settings\nico\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Phase24FireWireService] "I:\Program Files\Fichiers communs\TerraTec\PhaseFW\driver\PhaseFWService.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - I:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - I:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-
je ne vois pas d infections dans ton rapport mais fais quand meme ceci stp :
Télécharger sur le bureau malwarebytes à cette adresse :
https://www.androidworld.fr/
Voici un tuto pour bien l installer et bien l utiliser :
https://www.androidworld.fr/
aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé
Après l analyse, redémarrer le pc et poste le rapport !!
as tu essayer de le désinstaller et le réinstaller ?? -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
re
alors l'examen rapide n'a rien decelé
sinon j'ai juste essayé de reinstaller spybot sans le désinstaller avant je vais donc essayer -
fais quand meme une analyse complete stp
-
-
-
-
-
tu as refais une analyse complete avec malwarebytes ??
-
re
desolé pour hier j'ai du m'absenter
ceci dit j'avais bien fait une analyse complete avec malware...rien à signaler,je vais donc desinstaler puis réinstaler spybot -
j'ai donc désinstaller puis reinstalé msn fix et spybot pas de changement,toujours le meme message erreur...
-
Salut !!
télécharge combofix (par sUBs) à cette adresse :
(c est le numéro 5 en bas de la page) : https://www.androidworld.fr/
et enregistre le sur le Bureau.
désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)
Voici un tuto pour bien l'installer et savoir l utiliser : https://www.androidworld.fr/
ensuite envois le rapport et refais un nouveau rapport hijackthis stp -
ok voila le rapport!!!???hum
ComboFix 08-09-10.04 - nico 2008-09-11 12:51:48.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.653 [GMT 2:00]
Endroit: I:\Documents and Settings\nico\Bureau\ComboFix2.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
.
2008-09-11 11:27 . 2008-09-11 11:29 <REP> d-------- I:\Program Files\Spybot - Search & Destroy
2008-09-11 11:27 . 2008-09-11 11:27 <REP> d-------- I:\Program Files\MSNFix
2008-09-10 15:16 . 2008-09-10 15:17 <REP> d-------- I:\Program Files\Malwarebytes' Anti-Malware
2008-09-10 15:16 . 2008-09-10 15:16 <REP> d-------- I:\Documents and Settings\nico\Application Data\Malwarebytes
2008-09-10 15:16 . 2008-09-10 15:16 <REP> d-------- I:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-10 15:16 . 2008-09-10 00:04 38,528 --a------ I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-10 15:16 . 2008-09-10 00:03 17,200 --a------ I:\WINDOWS\system32\drivers\mbam.sys
2008-09-09 04:49 . 2008-09-09 04:49 <REP> d-------- I:\Documents and Settings\nico\Application Data\TuneUp Software
2008-09-09 04:49 . 2008-09-09 04:49 355,584 --a------ I:\WINDOWS\system32\TuneUpDefragService.exe
2008-09-09 04:49 . 2008-05-29 09:28 28,416 --a------ I:\WINDOWS\system32\uxtuneup.dll
2008-09-09 04:48 . 2008-09-09 04:49 <REP> d-------- I:\Program Files\TuneUp Utilities 2008
2008-09-09 04:48 . 2008-09-09 04:48 <REP> d-------- I:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-09 04:48 . 2008-09-09 04:48 <REP> d-------- I:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-08 11:50 . 2008-09-08 11:50 <REP> d-------- I:\Program Files\Microsoft Silverlight
2008-09-03 00:52 . 2008-09-03 00:52 <REP> d-------- I:\Program Files\Securitoo
2008-09-03 00:52 . 2008-09-03 00:52 <REP> d-------- I:\Program Files\CCleaner
2008-09-03 00:52 . 2008-09-03 00:52 <REP> d-------- I:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-03 00:51 . 2008-09-03 00:51 <REP> d-------- I:\Program Files\Podmailing
2008-09-01 00:18 . 2008-09-03 00:52 <REP> d-------- I:\Program Files\Zattoo
2008-08-30 15:48 . 2008-07-07 22:28 253,952 -----c--- I:\WINDOWS\system32\dllcache\es.dll
2008-08-30 15:48 . 2008-06-24 18:44 74,240 -----c--- I:\WINDOWS\system32\dllcache\mscms.dll
2008-08-30 15:47 . 2008-06-26 10:13 1,499,648 -----c--- I:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-30 15:47 . 2008-04-11 21:05 691,712 -----c--- I:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-30 15:47 . 2008-06-26 10:13 620,544 -----c--- I:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-30 13:53 . 2008-09-03 00:58 <REP> d-------- I:\Program Files\Windows Defender
2008-08-26 14:17 . 2008-09-03 00:51 <REP> d-------- I:\Program Files\Podmailing(2)
2008-08-25 21:05 . 2008-09-03 00:51 <REP> d-------- I:\Program Files\Phun
2008-08-18 17:11 . 2008-08-18 17:11 <REP> d-------- I:\Documents and Settings\nico\Application Data\Template
2008-08-18 17:11 . 2008-08-18 17:12 106 --a------ I:\Documents and Settings\nico\Application Data\wklnhst.dat
2008-08-18 17:05 . 2008-08-30 15:41 <REP> d-------- I:\Program Files\Microsoft Works
2008-08-16 16:38 . 2008-08-16 16:38 <REP> d-------- I:\WINDOWS\system32\LogFiles
2008-08-14 04:09 . 2008-09-11 12:53 5,017,632 --ahs---- I:\WINDOWS\system32\drivers\fidbox.dat
2008-08-14 04:09 . 2008-09-11 11:22 60,008 --ahs---- I:\WINDOWS\system32\drivers\fidbox.idx
2008-08-14 04:07 . 2008-08-14 04:07 <REP> d-------- I:\Program Files\ZoneAlarmSB
2008-08-14 04:05 . 2008-09-03 00:52 <REP> d-------- I:\WINDOWS\system32\ZoneLabs
2008-08-14 04:05 . 2008-08-14 04:05 <REP> d-------- I:\Program Files\Zone Labs
2008-08-14 04:05 . 2008-09-11 11:23 352,920 --a------ I:\WINDOWS\system32\vsconfig.xml
2008-08-14 04:05 . 2008-08-30 17:12 4,212 ---h----- I:\WINDOWS\system32\zllictbl.dat
2008-08-14 04:04 . 2008-09-11 12:46 <REP> d-------- I:\WINDOWS\Internet Logs
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 10:51 --------- d-----w I:\Program Files\Wanadoo
2008-09-11 09:29 --------- d-----w I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-10 22:21 --------- d-----w I:\Documents and Settings\nico\Application Data\foobar2000
2008-09-02 22:51 --------- d-----w I:\Program Files\GUILD WARS(2)
2008-09-02 22:51 --------- d-----w I:\Program Files\Fichiers communs\PCSuite
2008-09-02 21:43 1,094,474 ----a-w I:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-29 12:12 --------- d-----w I:\Program Files\Java
2008-08-28 02:49 --------- d-----w I:\Documents and Settings\nico\Application Data\Podmailing
2008-08-27 20:31 --------- d-----w I:\Documents and Settings\nico\Application Data\DivX
2008-08-06 14:46 --------- d-----w I:\Documents and Settings\nico\Application Data\Nokia Multimedia Player
2008-08-05 15:58 --------- d-----w I:\Program Files\Nokia
2008-08-05 15:57 --------- d-----w I:\Documents and Settings\All Users\Application Data\Installations
2008-08-03 22:18 --------- d--h--w I:\Program Files\InstallShield Installation Information
2008-08-03 22:18 --------- d-----w I:\Program Files\Eidos
2008-07-29 15:07 --------- d-----w I:\Program Files\Qnext
2008-07-21 16:04 --------- d-----w I:\Program Files\GameSpy Arcade
2008-07-21 15:39 --------- d-----w I:\Program Files\Codemasters
2008-07-18 20:10 94,920 ----a-w I:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w I:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w I:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 45,768 ----a-w I:\WINDOWS\system32\wups2(2)(2).dll
2008-07-18 20:10 36,552 ----a-w I:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w I:\WINDOWS\system32\wups(2)(2).dll
2008-07-18 20:09 563,912 ----a-w I:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w I:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w I:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w I:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w I:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w I:\WINDOWS\system32\muweb.dll
2008-07-09 07:05 75,248 ----a-w I:\WINDOWS\zllsputility.exe
2008-07-09 07:05 1,086,952 ----a-w I:\WINDOWS\system32\zpeng24.dll
2008-07-07 20:28 253,952 ----a-w I:\WINDOWS\system32\es.dll
2008-07-07 20:28 253,952 ----a-w I:\WINDOWS\system32\es(5)(2).dll
2008-06-26 08:13 620,544 ----a-w I:\WINDOWS\system32\urlmon(2)(2).dll
2008-06-26 08:13 1,499,648 ----a-w I:\WINDOWS\system32\shdocvw(2)(2).dll
2008-06-24 16:44 74,240 ----a-w I:\WINDOWS\system32\mscms.dll
2008-06-23 15:10 670,208 ----a-w I:\WINDOWS\system32\wininet.dll
2008-06-23 15:10 670,208 ----a-w I:\WINDOWS\system32\wininet(2)(2).dll
2008-06-20 17:47 247,808 ----a-w I:\WINDOWS\system32\mswsock.dll
2005-01-27 19:27 17,245 -c--a-w I:\WINDOWS\inf\hxdll.dll
2004-10-28 17:14 27,036 -c--a-w I:\WINDOWS\inf\mdusb.sys
2008-05-13 04:22 32,768 -csha-w I:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051320080514\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"WOOKIT"="I:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"SpybotSD TeaTimer"="I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2007-11-06 8523776]
"WOOWATCH"="I:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"ZoneAlarm Client"="I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"nwiz"="nwiz.exe" [2007-11-06 I:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
I:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
hp psc 1000 series.lnk - I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"= hxdll.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\WINDOWS\\system32\\dpvsetup.exe"=
"I:\\Program Files\\Qnext\\qnextclient.exe"=
"I:\\Program Files\\Podmailing\\podmailing.exe"=
"I:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
R1 aswSP;avast! Self Protection;I:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;I:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 UxTuneUp;TuneUp Extension de thème;I:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 Cap7134;MEDION (7134) WDM Video Capture;I:\WINDOWS\system32\DRIVERS\Cap7134.sys [2003-06-05 350752]
R3 cmudax;C-Media High Definition Audio Interface;I:\WINDOWS\system32\drivers\cmudax.sys [2005-05-12 1287296]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;I:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
S3 TTPhase1394;TTPhase1394;I:\WINDOWS\system32\Drivers\TTPhase1394.sys [2004-10-14 97152]
S3 TTPhaseA;TTPhaseA;I:\WINDOWS\system32\Drivers\TTPhaseA.sys [2004-10-14 24576]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;I:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-09 355584]
S3 USBMIDI;UF USB MIDI Driver;I:\WINDOWS\system32\Drivers\Mdusb.sys [2004-10-28 27036]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Phase24FireWireService - I:\Program Files\Fichiers communs\TerraTec\PhaseFW\driver\PhaseFWService.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Supplementary Scan -------
.
FireFox -: Profile - I:\Documents and Settings\nico\Application Data\Mozilla\Firefox\Profiles\yfyrm5oh.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.yahoo.com/
FF -: plugin - I:\PROGRA~1\MOZILL~1\plugins\npdivx32.dll
FF -: plugin - I:\PROGRA~1\MOZILL~1\plugins\npDivxPlayerPlugin.dll
FF -: plugin - I:\PROGRA~1\MOZILL~1\plugins\npnul32.dll
FF -: plugin - I:\PROGRA~1\MOZILL~1\plugins\NPSWF32.dll
FF -: plugin - I:\PROGRA~1\MOZILL~1\plugins\NPZoneSB.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 12:53:26
Windows 5.1.2600 Service Pack 3 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-09-11 12:54:31
ComboFix-quarantined-files.txt 2008-09-11 10:54:26
Pre-Run: 43,774,357,504 octets libres
Post-Run: 43,769,147,392 octets libres
173 --- E O F --- 2008-09-10 10:38:35 -
et le nouveau hi jack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:23, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\system32\RunDll32.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\WINDOWS\explorer.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\Program Files\Wanadoo\Watch.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Documents and Settings\nico\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Phase24FireWireService] "I:\Program Files\Fichiers communs\TerraTec\PhaseFW\driver\PhaseFWService.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - I:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - I:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-
et le nouveau hi jack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03:23, on 11/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Windows Defender\MsMpEng.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
I:\Program Files\Alwil Software\Avast4\ashServ.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\System32\FTRTSVC.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
I:\WINDOWS\system32\RunDll32.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
I:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
I:\PROGRA~1\Wanadoo\Toaster.exe
I:\PROGRA~1\Wanadoo\Inactivity.exe
I:\PROGRA~1\Wanadoo\PollingModule.exe
I:\Program Files\Windows Live\Messenger\usnsvc.exe
I:\WINDOWS\explorer.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\Program Files\Wanadoo\GestionnaireInternet.exe
I:\Program Files\Wanadoo\ComComp.exe
I:\Program Files\Wanadoo\Watch.exe
I:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Documents and Settings\nico\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - I:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - I:\Program Files\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [avast!] I:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WOOWATCH] I:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] I:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Phase24FireWireService] "I:\Program Files\Fichiers communs\TerraTec\PhaseFW\driver\PhaseFWService.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - I:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - I:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - I:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - I:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
-
je ne vois pourtant plus d infections...
relance hijackthis en cliquant sur scan only et coches ces lignes stp :
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
puis tu cliques sur fix checked.
vas aussi faire la mise à niveau de java à cette adresse stp : https://www.java.com/fr/download/manual.jsp
et ensuite désinstalle la version antérieure.
C est peut etre ton pare feu zone alarm qui le bloque...essais en le désactivant -
ok bon je vais devoir faire ça plutard
merci encore je te tiens au courant des que
j'aurais fait ces manip -