Sujet Précédent Sujet Suivant

Infection?

Résolu
rick0837 Messages postés 54 Statut Membre -  
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,
Je pense que je suis infecté par je ne s'ai trop quoi si quelqu'un peut me venir en aide?
D'avance merci
PS: voici un rapport de hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:43, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS2\Explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\PnkBstrA.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\lelong\Bureau\Nouveau dossier\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - C:\WINDOWS2\SYSTEM32\odbcasvc.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS2\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS2\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS2\System32\TuneUpDefragService.exe

31 réponses

  • 1
  • 2
Réponse 1 / 31
rick0837 Messages postés 54 Statut Membre 8
 
Bonjour, je vient de faire ce que tu ma dit alors voici les rapports

ComboFix 08-10-02.04 - lelong 2008-10-03 8:35:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1102 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\lelong\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS2\system32\AutoRun.inf
C:\WINDOWS2\system32\TDSSerrors.log
C:\WINDOWS2\system32\tmp76.tmp
C:\WINDOWS2\system32\tmp77.tmp

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_MCHINJDRV
-------\Legacy_ODBCASVC
-------\Service_Boonty Games
-------\Service_odbcasvc

((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-02 18:54 . 2008-10-02 18:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-02 18:54 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS2\system32\drivers\mbamswissarmy.sys
2008-10-02 18:54 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS2\system32\drivers\mbam.sys
2008-10-02 18:51 . 2008-10-02 18:51 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS2\Application Data\Yahoo! Companion
2008-10-02 18:50 . 2008-10-02 18:50 <REP> d-------- C:\Program Files\Yahoo!
2008-10-02 18:50 . 2008-10-02 18:50 <REP> d-------- C:\Program Files\CCleaner
2008-10-02 17:52 . 2008-10-02 17:52 <REP> d-------- C:\rsit
2008-10-02 16:45 . 2008-10-02 16:52 <REP> d-a------ C:\Documents and Settings\All Users.WINDOWS2\Application Data\TEMP
2008-10-02 11:49 . 2007-08-19 17:23 <REP> d--h----- C:\Documents and Settings\Administrateur.CRISTAL-UNION\Voisinage r‚seau
2008-10-02 11:49 . 2007-08-19 17:23 <REP> d--h----- C:\Documents and Settings\Administrateur.CRISTAL-UNION\Voisinage d'impression
2008-10-02 11:49 . 2007-08-19 15:34 <REP> d--h----- C:\Documents and Settings\Administrateur.CRISTAL-UNION\ModŠles
2008-10-02 11:49 . 2007-08-19 17:23 <REP> d-------- C:\Documents and Settings\Administrateur.CRISTAL-UNION\Mes documents
2008-10-02 11:49 . 2007-08-19 17:23 <REP> dr------- C:\Documents and Settings\Administrateur.CRISTAL-UNION\Menu D‚marrer
2008-10-02 11:49 . 2007-08-19 17:23 <REP> d-------- C:\Documents and Settings\Administrateur.CRISTAL-UNION\Favoris
2008-10-02 11:49 . 2007-08-19 17:23 <REP> d-------- C:\Documents and Settings\Administrateur.CRISTAL-UNION\Bureau
2008-10-02 11:49 . 2008-10-02 11:49 <REP> d-------- C:\Documents and Settings\Administrateur.CRISTAL-UNION
2008-10-01 22:02 . 2008-10-01 22:26 <REP> d-------- C:\WINDOWS2\BDOSCAN8
2008-10-01 22:00 . 2008-10-01 22:00 <REP> d-------- C:\VundoFix Backups
2008-10-01 21:53 . 2008-10-02 12:18 <REP> d-------- C:\Program Files\Enigma Software Group
2008-09-29 16:47 . 2008-09-29 16:47 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS2\Application Data\CanonBJ
2008-09-29 16:47 . 2007-04-30 22:00 215,040 --a------ C:\WINDOWS2\system32\CNMLM90.DLL
2008-09-29 16:47 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS2\system32\drivers\usbprint.sys
2008-09-29 16:47 . 2008-04-13 20:47 25,856 --a--c--- C:\WINDOWS2\system32\dllcache\usbprint.sys
2008-09-27 17:35 . 2008-09-27 17:35 <REP> d-------- C:\Program Files\Hercules
2008-09-27 17:35 . 2008-09-27 17:35 <REP> d-------- C:\Documents and Settings\lelong\Application Data\InstallShield
2008-09-27 17:35 . 2006-12-01 11:00 395,648 --a------ C:\WINDOWS2\system32\drivers\rt61.sys
2008-09-27 17:35 . 2007-02-15 10:36 395,008 --a------ C:\WINDOWS2\system32\drivers\RT619x.sys
2008-09-27 17:35 . 2007-02-15 10:36 238,080 --a------ C:\WINDOWS2\system32\drivers\rt25009x.sys
2008-09-27 17:35 . 2006-06-01 22:37 236,800 --a------ C:\WINDOWS2\system32\drivers\rt2500.sys
2008-09-27 17:35 . 2006-11-30 19:30 8,192 --a------ C:\WINDOWS2\system32\drivers\rt2661.bin
2008-09-27 17:35 . 2006-11-30 19:30 8,192 --a------ C:\WINDOWS2\system32\drivers\rt2561s.bin
2008-09-27 17:35 . 2006-11-30 19:30 8,192 --a------ C:\WINDOWS2\system32\drivers\rt2561.bin
2008-09-27 16:12 . 2008-09-27 16:12 21,419 --a------ C:\WINDOWS2\system32\drivers\AegisP.sys
2008-09-26 18:23 . 2008-09-26 18:23 <REP> d-------- C:\Program Files\VCD
2008-09-26 18:23 . 2008-09-26 18:39 <REP> d-------- C:\Program Files\TRACKS
2008-09-26 18:23 . 2008-09-26 18:23 <REP> d-------- C:\Program Files\Support
2008-09-26 18:23 . 2008-09-26 18:23 <REP> d-------- C:\Program Files\SUBTITLES
2008-09-26 18:23 . 2008-09-26 18:32 <REP> d-------- C:\Program Files\SOUND
2008-09-26 18:23 . 2008-09-26 18:23 <REP> d-------- C:\Program Files\ONLINE
2008-09-26 18:21 . 2008-09-26 18:23 <REP> d-------- C:\Program Files\NIS
2008-09-26 18:17 . 2008-09-26 18:21 <REP> d-------- C:\Program Files\MOVIES
2008-09-26 18:17 . 2008-09-26 18:17 <REP> d-------- C:\Program Files\MEMCARD
2008-09-26 18:17 . 2008-09-26 18:17 <REP> d-------- C:\Program Files\LANGUAGES
2008-09-26 18:17 . 2008-09-26 18:17 <REP> d-------- C:\Program Files\GLOBAL
2008-09-26 18:17 . 2008-09-26 18:17 <REP> d-------- C:\Program Files\FRONTEND
2008-09-26 18:16 . 2008-09-26 18:17 <REP> d-------- C:\Program Files\DirectX
2008-09-26 18:16 . 2008-09-26 18:16 <REP> d-------- C:\Program Files\CREDITS
2008-09-26 18:16 . 2008-09-26 18:36 <REP> d-------- C:\Program Files\CARS
2008-09-26 18:16 . 2006-11-01 13:31 8,904,704 --a------ C:\Program Files\NFSC.exe
2008-09-26 18:16 . 2007-08-29 09:26 720,896 --a------ C:\Program Files\EAInstall.dll
2008-09-26 18:16 . 2007-08-29 09:27 499,712 --a------ C:\Program Files\msvcp71.dll
2008-09-26 18:16 . 2007-08-29 09:28 380,928 --a------ C:\Program Files\server.dll
2008-09-26 18:16 . 2007-08-29 09:27 348,160 --a------ C:\Program Files\msvcr71.dll
2008-09-26 18:16 . 2007-08-29 09:26 253,952 --a------ C:\Program Files\eauninstall.exe
2008-09-26 18:16 . 2007-08-29 09:31 118,784 --a------ C:\Program Files\caller.dll
2008-09-26 18:16 . 2007-08-29 09:31 61,440 --a------ C:\Program Files\vcd.dll
2008-09-26 18:15 . 2008-09-26 18:41 <REP> d-------- C:\NFSC
2008-09-23 19:44 . 2008-09-23 20:02 <REP> d-------- C:\Program Files\e-anim701
2008-09-19 22:28 . 2008-04-14 04:33 21,504 --a------ C:\WINDOWS2\system32\hidserv.dll
2008-09-19 22:28 . 2008-04-14 04:33 21,504 --a--c--- C:\WINDOWS2\system32\dllcache\hidserv.dll
2008-09-19 22:27 . 2008-04-13 20:45 32,128 --a------ C:\WINDOWS2\system32\drivers\usbccgp.sys
2008-09-19 22:27 . 2008-04-13 20:45 32,128 --a--c--- C:\WINDOWS2\system32\dllcache\usbccgp.sys
2008-09-19 22:27 . 2008-04-14 04:05 14,720 --a------ C:\WINDOWS2\system32\drivers\kbdhid.sys
2008-09-19 22:27 . 2008-04-14 04:05 14,720 --a--c--- C:\WINDOWS2\system32\dllcache\kbdhid.sys
2008-09-15 16:40 . 2008-09-15 16:40 <REP> d-------- C:\Documents and Settings\lelong\Application Data\Command & Conquer(tm)ÿ3ÿ La Fureur de Kane
2008-09-13 18:55 . 2008-09-26 18:42 <REP> d-------- C:\Program Files\Electronic Arts
2008-09-12 21:45 . 2008-09-12 21:45 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS2\Application Data\AntiVir PersonalEdition Classic
2008-09-12 21:09 . 2008-09-12 21:09 <REP> d-------- C:\a54717b9155845baab9d72644f73
2008-09-11 13:26 . 2003-03-19 04:05 89,088 --------- C:\WINDOWS2\system32\atl71.dll
2008-09-11 13:26 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS2\system32\pcampr5.sys
2008-09-11 13:22 . 2008-09-11 13:22 <REP> d-------- C:\Program Files\Securitoo
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS2\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS2\system32\QuickTime.qts
2008-09-03 22:23 . 2008-09-04 15:27 <REP> d-------- C:\Program Files\LANPing
2008-09-03 22:21 . 2008-09-06 12:47 <REP> d-------- C:\Program Files\CDDC-MahJongg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 06:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-10-02 16:58 --------- d-----w C:\Documents and Settings\lelong\Application Data\ImgBurn
2008-10-02 16:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS2\Application Data\Spybot - Search & Destroy
2008-10-02 10:47 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-01 20:45 7,168 --sha-w C:\Program Files\Thumbs.db
2008-10-01 18:55 --------- d-----w C:\Documents and Settings\lelong\Application Data\LimeWire
2008-10-01 09:32 --------- d-----w C:\Documents and Settings\All Users.WINDOWS2\Application Data\TrackMania
2008-09-27 15:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-26 16:25 1,805 ----a-w C:\Program Files\deinstallieren Need for Speed Carbon.lnk
2008-09-26 13:57 --------- d-----w C:\Program Files\LimeWire
2008-09-23 18:19 --------- d-----w C:\Program Files\QuickTime
2008-09-23 18:18 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-23 17:35 --------- d-----w C:\Program Files\eMule
2008-09-15 14:40 --------- d-----w C:\Documents and Settings\lelong\Application Data\Command & Conquer(tm) 3  La Fureur de Kane
2008-09-13 16:52 --------- d-----w C:\Program Files\nLite
2008-09-12 19:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-12 19:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS2\Application Data\Lavasoft
2008-09-06 12:02 137,656 ----a-w C:\WINDOWS2\system32\drivers\PnkBstrK.sys
2008-09-04 14:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-04 13:53 --------- d-----w C:\Program Files\Xara
2008-09-04 13:33 --------- d-----w C:\Program Files\LuckyTender
2008-09-04 13:25 --------- d-----w C:\Program Files\Jasc Software Inc
2008-09-04 13:23 --------- d-----w C:\Program Files\HyCam2
2008-09-04 13:21 --------- d-----w C:\Program Files\Bonjour
2008-09-02 16:43 --------- d-----w C:\Program Files\TmUnitedForever
2008-09-01 13:07 --------- d-----w C:\Documents and Settings\lelong\Application Data\LuckyTender
2008-08-31 20:52 --------- d-----w C:\Program Files\VirginMega
2008-08-30 11:13 --------- d-----w C:\Program Files\DAZ
2008-08-30 11:12 --------- d-----w C:\Program Files\Fichiers communs\DAZ
2008-08-29 11:32 --------- d-----w C:\Program Files\Satsuki Decoder Pack
2008-08-27 14:57 --------- d-----w C:\Documents and Settings\lelong\Application Data\Apple Computer
2008-08-27 14:55 --------- d-----w C:\Program Files\Apple Software Update
2008-08-27 10:17 --------- d-----w C:\Documents and Settings\lelong\Application Data\Teleca
2008-08-27 10:16 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-08-26 15:51 --------- d-----w C:\Documents and Settings\lelong\Application Data\Sony Ericsson
2008-08-14 17:46 --------- d-----w C:\Documents and Settings\All Users.WINDOWS2\Application Data\TrackMania United
2008-01-15 18:02 635,625 ----a-w C:\Documents and Settings\lelong\pays.zip
2007-11-08 14:39 22,328 ----a-w C:\Documents and Settings\lelong\Application Data\PnkBstrK.sys
2007-11-03 18:20 1 ----a-w C:\Documents and Settings\lelong\SI.bin
2007-08-31 13:39 22,486 ----a-w C:\Program Files\Gamesload.ico
2007-08-29 07:31 8,950,976 ----a-w C:\Program Files\cpt.nun
2007-08-29 07:28 1,462 ----a-w C:\Program Files\server.cfg
2007-08-29 07:27 2,238 ----a-w C:\Program Files\NFS_icon.ico
2007-08-29 07:26 45,002 ----a-w C:\Program Files\filelist.txt
2007-08-29 07:25 1,091,256 ----a-w C:\Program Files\[u]0[/u]0000000.256
2007-08-24 06:34 59,245 ----a-w C:\Program Files\eula_de.rtf
2008-03-31 06:28 23 --sha-w C:\WINDOWS2\system32\bcbef6_z.dll
.
[code]<pre>
----a-w 5,109,800 2002-12-07 06:27:30 C:\Documents and Settings\lelong\Mes documents\logiciel pour gifs\xara 3D\Xara Menu Maker 1.0 .exe
</pre>[/code]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"ctfmon.exe"="C:\WINDOWS2\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-20 68856]
"H/PC Connection Agent"="C:\PROGRA~1\MI3AA1~1\wcescomm.exe" [2006-06-26 1211176]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 154368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS2\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 213936]
"NvMediaCenter"="C:\WINDOWS2\system32\NvMcTray.dll" [2008-05-16 86016]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 327720]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS2\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS2\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS2\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
"C:\\Program Files\\Inventel\\Gateway\\RGWRepair.exe"=
"C:\\WINDOWS2\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS2\\system32\\PnkBstrB.exe"=
"C:\\Documents and Settings\\lelong\\Mes documents\\TrackmaniaServer\\TrackmaniaServer.exe"=
"C:\\Program Files\\CroTeam\\Serious Sam - The Second Encounter\\Bin\\SeriousSam.exe"=
"C:\\Program Files\\TrackMania United\\TmUnited.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Empire Interactive\\FlatOut 2\\FlatOut2.exe"=
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\TmUnitedForever\\TrackmaniaServer.exe"=
"C:\\Documents and Settings\\lelong\\Mes documents\\TrackMania\\TrackmaniaServer.exe"=
"C:\\Program Files\\TrackMania United\\TrackmaniaServer.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"28960:UDP"= 28960:UDP:CoD2
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 nvgts;nvgts;C:\WINDOWS2\system32\DRIVERS\nvgts.sys [2008-01-25 132096]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS2\System32\svchost.exe [2008-04-14 14336]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS2\system32\DRIVERS\aswFsBlk.sys [ ]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;C:\WINDOWS2\system32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS2\System32\TuneUpDefragService.exe [2008-06-28 355584]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS2\system32\DRIVERS\zd1211Bu.sys [2005-08-17 330240]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027b2886-727e-11dc-9d86-001921e40060}]
\Shell\AutoRun\command - C:\WINDOWS2\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{05DE00E4-E691-4074-859F-68DD28C01019} - (no file)
BHO-{57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} - (no file)
BHO-{7CFD1B61-56FD-417C-9F99-ABB2173E402A} - (no file)
ShellExecuteHooks-{B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\lelong\Application Data\Mozilla\Firefox\Profiles\wu60xkvf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Documents and Settings\lelong\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 08:39:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\PnkBstrA.exe
C:\WINDOWS2\system32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-03 8:43:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 06:43:30

Avant-CF: 123ÿ363ÿ659ÿ776 octets libres
Post-Run: 123,451,174,912 octets libres

270 --- E O F --- 2008-09-23 06:49:24

Logfile of random's system information tool 1.04 (written by random/random)
Run by lelong at 2008-10-03 08:44:53
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 118 GB (41%) free of 286 GB
Total RAM: 1535 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:45:03, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\PnkBstrA.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\explorer.exe
C:\WINDOWS2\system32\notepad.exe
C:\Documents and Settings\lelong\Bureau\RSIT.exe
C:\Documents and Settings\lelong\Bureau\Nouveau dossier\HiJackThis\lelong.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS2\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS2\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS2\System32\TuneUpDefragService.exe
1
Réponse 2 / 31
dakius
 
salut la solution a ton problem c un tré bon antivirus!!!
je te consiel bite defender total security 2009 c le top cette année
mai il faut netoyer tout ta machine avant donc sauvgarde bien tou t fichier et tu for mate le system !
si tu veu je te le donne!
0
Réponse 3 / 31
rick0837 Messages postés 54 Statut Membre 8
 
Ok merci pour ta réponse si rapide, je suis ok pour que tu me le donne !
0
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
re,
AntiVir est très bien et de plus gratuit ^^

Je te conseilles de faire ce que je t'ai demandé ... en effet , une possible infection Vundo sur ton PC ( et changer d'anti-virus n'y fera rien hélas ... )
0
Réponse 4 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Salut,

fais ceci pour approfondir le rapport Hijackthis :

Télécharges Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Déconnecte toi et fermes toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 3 months

* cliques ensuite sur " Continue " pour lancer l'analyse ...

( Note : Si la dernière version de HijackThis n'est pas détectée sur ton PC, RSIT le téléchargera et te demandera d'accepter la licence.)

-> laisses faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Postes le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
rick0837 Messages postés 54 Statut Membre 8
 
re, voici les rapport

Logfile of random's system information tool 1.04 (written by random/random)
Run by lelong at 2008-10-02 17:52:11
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 118 GB (41%) free of 286 GB
Total RAM: 1535 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:21, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS2\Explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\PnkBstrA.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\lelong\Bureau\RSIT.exe
C:\Documents and Settings\lelong\Bureau\Nouveau dossier\HiJackThis\lelong.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} - C:\WINDOWS2\system32\fcCUMcaA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7CFD1B61-56FD-417C-9F99-ABB2173E402A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: (no name) - {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - C:\WINDOWS2\system32\pmnlKeeC.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: pmnlKeeC - C:\WINDOWS2\SYSTEM32\pmnlKeeC.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - C:\WINDOWS2\SYSTEM32\odbcasvc.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS2\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS2\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS2\System32\TuneUpDefragService.exe
0
Réponse 6 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
bingo ... infection Vundo ...

On commence :

Télécharges VirtumundoBegone sur ton bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

!! Ce déconnecter et fermer toute ces applications le temps de la manipe !!

Double cliquer sur VirtumundoBeGone.exe et suivre les instructions.
Une fois terminé, redémarrer le PC, le rapport VBG.TXT sera crée sur le bureau .
(Si un message Ecran bleu "Erreur fatale" apparaît, pas d’inquiétude car c'est normal et attendu).

Postes le rapport VBG accompagné d'un nouveau rapport RSIT pour analyse ...
0
Réponse 7 / 31
dakius Messages postés 6 Statut Membre
 
oui mai apré il te restera a réparer les déga ka comis le virus
0
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Non ...
0
Réponse 8 / 31
rick0837 Messages postés 54 Statut Membre 8
 
voila pour VGB,

[10/02/2008, 18:20:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\lelong\Bureau\VirtumundoBeGone.exe" )
[10/02/2008, 18:21:11] - Detected System Information:
[10/02/2008, 18:21:11] - Windows Version: 5.1.2600, Service Pack 3
[10/02/2008, 18:21:11] - Current Username: lelong (Admin)
[10/02/2008, 18:21:11] - Windows is in NORMAL mode.
[10/02/2008, 18:21:11] - Searching for Browser Helper Objects:
[10/02/2008, 18:21:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/02/2008, 18:21:11] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/02/2008, 18:21:11] - BHO 3: {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - Checking for HKLM\...\Winlogon\Notify\fcCUMcaA
[10/02/2008, 18:21:11] - Key not found: HKLM\...\Winlogon\Notify\fcCUMcaA, continuing.
[10/02/2008, 18:21:11] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/02/2008, 18:21:11] - BHO 5: {7CFD1B61-56FD-417C-9F99-ABB2173E402A} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/02/2008, 18:21:11] - BHO 8: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance)
[10/02/2008, 18:21:11] - BHO 9: {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - Checking for HKLM\...\Winlogon\Notify\pmnlKeeC
[10/02/2008, 18:21:11] - Found: HKLM\...\Winlogon\Notify\pmnlKeeC - This is probably Virtumundo.
[10/02/2008, 18:21:11] - Assigning {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} MSEvents Object
[10/02/2008, 18:21:11] - BHO list has been changed! Starting over...
[10/02/2008, 18:21:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/02/2008, 18:21:11] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/02/2008, 18:21:11] - BHO 3: {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - Checking for HKLM\...\Winlogon\Notify\fcCUMcaA
[10/02/2008, 18:21:11] - Key not found: HKLM\...\Winlogon\Notify\fcCUMcaA, continuing.
[10/02/2008, 18:21:11] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/02/2008, 18:21:11] - BHO 5: {7CFD1B61-56FD-417C-9F99-ABB2173E402A} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/02/2008, 18:21:11] - BHO 8: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance)
[10/02/2008, 18:21:12] - BHO 9: {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} (MSEvents Object)
[10/02/2008, 18:21:12] - ALERT: Found MSEvents Object!
[10/02/2008, 18:21:12] - Finished Searching Browser Helper Objects
[10/02/2008, 18:21:12] - *** Detected MSEvents Object
[10/02/2008, 18:21:12] - Trying to remove MSEvents Object...
[10/02/2008, 18:21:13] - Terminating Process: IEXPLORE.EXE
[10/02/2008, 18:21:13] - Terminating Process: RUNDLL32.EXE
[10/02/2008, 18:21:13] - Disabling Automatic Shell Restart
[10/02/2008, 18:21:13] - Terminating Process: EXPLORER.EXE
[10/02/2008, 18:21:14] - Suspending the NT Session Manager System Service
[10/02/2008, 18:21:14] - Terminating Windows NT Logon/Logoff Manager
[10/02/2008, 18:21:14] - Re-enabling Automatic Shell Restart
[10/02/2008, 18:21:14] - File to disable: C:\WINDOWS2\system32\pmnlKeeC.dll
[10/02/2008, 18:21:14] - Renaming C:\WINDOWS2\system32\pmnlKeeC.dll -> C:\WINDOWS2\system32\pmnlKeeC.dll.vir
[10/02/2008, 18:21:14] - File successfully renamed!
[10/02/2008, 18:21:14] - Removing HKLM\...\Browser Helper Objects\{B09E0F0B-28FE-4A7E-90F6-6D09E4234852}
[10/02/2008, 18:21:14] - Removing HKCR\CLSID\{B09E0F0B-28FE-4A7E-90F6-6D09E4234852}
[10/02/2008, 18:21:14] - Adding Kill Bit for ActiveX for GUID: {B09E0F0B-28FE-4A7E-90F6-6D09E4234852}
[10/02/2008, 18:21:14] - Deleting ATLEvents/MSEvents Registry entries
[10/02/2008, 18:21:15] - Removing HKLM\...\Winlogon\Notify\pmnlKeeC
[10/02/2008, 18:21:15] - Searching for Browser Helper Objects:
[10/02/2008, 18:21:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/02/2008, 18:21:15] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/02/2008, 18:21:15] - BHO 3: {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} ()
[10/02/2008, 18:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:15] - Checking for HKLM\...\Winlogon\Notify\fcCUMcaA
[10/02/2008, 18:21:15] - Key not found: HKLM\...\Winlogon\Notify\fcCUMcaA, continuing.
[10/02/2008, 18:21:15] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/02/2008, 18:21:15] - BHO 5: {7CFD1B61-56FD-417C-9F99-ABB2173E402A} ()
[10/02/2008, 18:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:15] - No filename found. Continuing.
[10/02/2008, 18:21:15] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/02/2008, 18:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:15] - No filename found. Continuing.
[10/02/2008, 18:21:15] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/02/2008, 18:21:15] - BHO 8: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance)
[10/02/2008, 18:21:15] - Finished Searching Browser Helper Objects
[10/02/2008, 18:21:15] - Finishing up...
[10/02/2008, 18:21:15] - A restart is needed.
[10/02/2008, 18:21:19] - Attempting to Restart via STOP error (Blue Screen!)

et pour RSit,

[10/02/2008, 18:20:59] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\lelong\Bureau\VirtumundoBeGone.exe" )
[10/02/2008, 18:21:11] - Detected System Information:
[10/02/2008, 18:21:11] - Windows Version: 5.1.2600, Service Pack 3
[10/02/2008, 18:21:11] - Current Username: lelong (Admin)
[10/02/2008, 18:21:11] - Windows is in NORMAL mode.
[10/02/2008, 18:21:11] - Searching for Browser Helper Objects:
[10/02/2008, 18:21:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/02/2008, 18:21:11] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/02/2008, 18:21:11] - BHO 3: {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - Checking for HKLM\...\Winlogon\Notify\fcCUMcaA
[10/02/2008, 18:21:11] - Key not found: HKLM\...\Winlogon\Notify\fcCUMcaA, continuing.
[10/02/2008, 18:21:11] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/02/2008, 18:21:11] - BHO 5: {7CFD1B61-56FD-417C-9F99-ABB2173E402A} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/02/2008, 18:21:11] - BHO 8: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance)
[10/02/2008, 18:21:11] - BHO 9: {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - Checking for HKLM\...\Winlogon\Notify\pmnlKeeC
[10/02/2008, 18:21:11] - Found: HKLM\...\Winlogon\Notify\pmnlKeeC - This is probably Virtumundo.
[10/02/2008, 18:21:11] - Assigning {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} MSEvents Object
[10/02/2008, 18:21:11] - BHO list has been changed! Starting over...
[10/02/2008, 18:21:11] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/02/2008, 18:21:11] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/02/2008, 18:21:11] - BHO 3: {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - Checking for HKLM\...\Winlogon\Notify\fcCUMcaA
[10/02/2008, 18:21:11] - Key not found: HKLM\...\Winlogon\Notify\fcCUMcaA, continuing.
[10/02/2008, 18:21:11] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/02/2008, 18:21:11] - BHO 5: {7CFD1B61-56FD-417C-9F99-ABB2173E402A} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/02/2008, 18:21:11] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:11] - No filename found. Continuing.
[10/02/2008, 18:21:11] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/02/2008, 18:21:11] - BHO 8: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance)
[10/02/2008, 18:21:12] - BHO 9: {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} (MSEvents Object)
[10/02/2008, 18:21:12] - ALERT: Found MSEvents Object!
[10/02/2008, 18:21:12] - Finished Searching Browser Helper Objects
[10/02/2008, 18:21:12] - *** Detected MSEvents Object
[10/02/2008, 18:21:12] - Trying to remove MSEvents Object...
[10/02/2008, 18:21:13] - Terminating Process: IEXPLORE.EXE
[10/02/2008, 18:21:13] - Terminating Process: RUNDLL32.EXE
[10/02/2008, 18:21:13] - Disabling Automatic Shell Restart
[10/02/2008, 18:21:13] - Terminating Process: EXPLORER.EXE
[10/02/2008, 18:21:14] - Suspending the NT Session Manager System Service
[10/02/2008, 18:21:14] - Terminating Windows NT Logon/Logoff Manager
[10/02/2008, 18:21:14] - Re-enabling Automatic Shell Restart
[10/02/2008, 18:21:14] - File to disable: C:\WINDOWS2\system32\pmnlKeeC.dll
[10/02/2008, 18:21:14] - Renaming C:\WINDOWS2\system32\pmnlKeeC.dll -> C:\WINDOWS2\system32\pmnlKeeC.dll.vir
[10/02/2008, 18:21:14] - File successfully renamed!
[10/02/2008, 18:21:14] - Removing HKLM\...\Browser Helper Objects\{B09E0F0B-28FE-4A7E-90F6-6D09E4234852}
[10/02/2008, 18:21:14] - Removing HKCR\CLSID\{B09E0F0B-28FE-4A7E-90F6-6D09E4234852}
[10/02/2008, 18:21:14] - Adding Kill Bit for ActiveX for GUID: {B09E0F0B-28FE-4A7E-90F6-6D09E4234852}
[10/02/2008, 18:21:14] - Deleting ATLEvents/MSEvents Registry entries
[10/02/2008, 18:21:15] - Removing HKLM\...\Winlogon\Notify\pmnlKeeC
[10/02/2008, 18:21:15] - Searching for Browser Helper Objects:
[10/02/2008, 18:21:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/02/2008, 18:21:15] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/02/2008, 18:21:15] - BHO 3: {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} ()
[10/02/2008, 18:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:15] - Checking for HKLM\...\Winlogon\Notify\fcCUMcaA
[10/02/2008, 18:21:15] - Key not found: HKLM\...\Winlogon\Notify\fcCUMcaA, continuing.
[10/02/2008, 18:21:15] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/02/2008, 18:21:15] - BHO 5: {7CFD1B61-56FD-417C-9F99-ABB2173E402A} ()
[10/02/2008, 18:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:15] - No filename found. Continuing.
[10/02/2008, 18:21:15] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/02/2008, 18:21:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/02/2008, 18:21:15] - No filename found. Continuing.
[10/02/2008, 18:21:15] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/02/2008, 18:21:15] - BHO 8: {988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance)
[10/02/2008, 18:21:15] - Finished Searching Browser Helper Objects
[10/02/2008, 18:21:15] - Finishing up...
[10/02/2008, 18:21:15] - A restart is needed.
[10/02/2008, 18:21:19] - Attempting to Restart via STOP error (Blue Screen!)
0
Réponse 9 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
re,

tu m'a poster 2 fois VGB ;)

Donnes moi le nouveau RSIT ...^^
0
Réponse 10 / 31
rick0837 Messages postés 54 Statut Membre 8
 
dsl, voici,

Logfile of random's system information tool 1.04 (written by random/random)
Run by lelong at 2008-10-02 18:34:31
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 118 GB (41%) free of 286 GB
Total RAM: 1535 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:38, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS2\Explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\PnkBstrA.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\lelong\Bureau\RSIT.exe
C:\Documents and Settings\lelong\Bureau\Nouveau dossier\HiJackThis\lelong.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {05DE00E4-E691-4074-859F-68DD28C01019} - C:\WINDOWS2\system32\fcCUMcaA.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7CFD1B61-56FD-417C-9F99-ABB2173E402A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - C:\WINDOWS2\SYSTEM32\odbcasvc.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS2\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS2\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS2\System32\TuneUpDefragService.exe
0
Réponse 11 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Bien ... On continue :

1- Télécharges : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

2- Télécharges MalwareByte's :
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php

Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )

Potasses le tuto pour te familiariser avec le prg : https://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

Impératif : redémarres en mode sans échec :

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec
1) Redémarres ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur (si besoin ... )
(attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...)

Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tous tes disks avant le scan ! ) et supprimes tout ce qu'il peut trouver, c'est à dire :
-->Laisses le scan se terminer,puis à la fin tu cliques sur "résultat" .
-->Vérifies que tous les objets infectés soient validés, puis cliques sur " suppression " .

Redémarres ton PC ( mode normal ).

Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date) accompagné d'un nouveau rapport RSIT ( fait en mode normal ) ...
0
Réponse 12 / 31
rick0837 Messages postés 54 Statut Membre 8
 
Re, voici les rapports

malwarbit
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1226
Windows 5.1.2600 Service Pack 3

02/10/2008 22:22:01
mbam-log-2008-10-02 (22-22-01).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 269783
Temps écoulé: 3 hour(s), 8 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 20

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS2\system32\fcCUMcaA.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ee45019-f81b-46ab-b0e6-1f474f75b971} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3ee45019-f81b-46ab-b0e6-1f474f75b971} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows2\system32\fccumcaa -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows2\system32\fccumcaa -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS2\system32\fcCUMcaA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS2\system32\AacMUCcf.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS2\system32\AacMUCcf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\brwnludg.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\gdulnwrb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\ogkftghf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\fhgtfkgo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP390\A0087472.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP437\A0094702.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP437\A0094703.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP437\A0094704.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP437\A0094706.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP437\A0094707.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP437\A0094720.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B5569BF3-BBBD-488B-AEE8-65AA3E65146F}\RP437\A0095866.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\pmnlKeeC.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\tuvTKdcy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS2\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS2\Temp\TDSS92bd.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

et RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by lelong at 2008-10-02 22:25:36
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 118 GB (41%) free of 286 GB
Total RAM: 1535 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:25:47, on 02/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS2\Explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS2\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS2\system32\RUNDLL32.EXE
C:\WINDOWS2\system32\nvsvc32.exe
C:\WINDOWS2\system32\PnkBstrA.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS2\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\lelong\Bureau\RSIT.exe
C:\Documents and Settings\lelong\Bureau\Nouveau dossier\HiJackThis\lelong.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {05DE00E4-E691-4074-859F-68DD28C01019} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57F7BFCB-57E2-4A58-9C33-0BA7C99BC37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7CFD1B61-56FD-417C-9F99-ABB2173E402A} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS2\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS2\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS2\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurateur/AccountHelper.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS2\system32\nvsvc32.exe
O23 - Service: ODBC Administration Service (odbcasvc) - Unknown owner - C:\WINDOWS2\SYSTEM32\odbcasvc.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS2\system32\PnkBstrA.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS2\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS2\System32\TuneUpDefragService.exe
0
Réponse 13 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
très bien ... on avance ... ^^

Dans l'ordre :

1- Supprimes tout ce qui ce trouve dans la quarantaine de Malwarebytes .

2- refais un coup de CCleaner ( registre compris ) .

3- Fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! Déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques sur l'icône "combofix.exe" pour lancer l'outil .

Appuyes sur la touche Y (Yes) pour démarrer le scan .

Notes importantes :
--> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
--> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire .
--> si un message d'erreur windows apparait à un momment : clik sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée dans: C:\Combofix.txt

Postes le rapport Combofix accompagné d'un nouveau rapport RSIT pour analyse ...
0
Réponse 14 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Salut,

1- refais un coup de CCleaner ( registre compris ) et dis moi comment va le PC maintenant ...

2- Rends toi sur ce site :

https://www.virustotal.com/gui/

Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\Documents and Settings\lelong\Mes documents\logiciel pour gifs\xara 3D\Xara Menu Maker 1.0 .exe

Cliques sur Send File ( = " Envoyer le fichier " ).

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copies le dans ta prochaine réponse et attends la suite ... ( surtout le début avec le listing des AV )

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

0
Réponse 15 / 31
rick0837 Messages postés 54 Statut Membre 8
 
Re, voila j'ai fait ce que tu ma dit avec Ccleaner et il ma trouver quelque erreurs que j'ai suprimer et je l'ai refait et il n'y avait plus d'erreur
ensuite voici le r'apprt de virustotal

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.25.0 2008.09.29 -
AntiVir 7.8.1.34 2008.09.29 -
Authentium 5.1.0.4 2008.09.29 -
Avast 4.8.1195.0 2008.09.29 -
AVG 8.0.0.161 2008.09.28 -
BitDefender 7.2 2008.09.29 -
CAT-QuickHeal 9.50 2008.09.29 -
ClamAV 0.93.1 2008.09.29 -
DrWeb 4.44.0.09170 2008.09.29 -
eSafe 7.0.17.0 2008.09.28 -
eTrust-Vet 31.6.6110 2008.09.26 -
Ewido 4.0 2008.09.28 -
F-Prot 4.4.4.56 2008.09.28 -
F-Secure 8.0.14332.0 2008.09.29 -
Fortinet 3.113.0.0 2008.09.29 -
GData 19 2008.09.29 -
Ikarus T3.1.1.34.0 2008.09.29 -
K7AntiVirus 7.10.476 2008.09.27 -
Kaspersky 7.0.0.125 2008.09.29 -
McAfee 5393 2008.09.27 -
Microsoft 1.3903 2008.09.29 -
NOD32 3478 2008.09.28 -
Norman 5.80.02 2008.09.26 -
Panda 9.0.0.4 2008.09.28 -
PCTools 4.4.2.0 2008.09.26 -
Prevx1 V2 2008.09.29 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.29 -
Sophos 4.34.0 2008.09.29 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.09.29 -
TheHacker 6.3.0.9.096 2008.09.29 -
TrendMicro 8.700.0.1004 2008.09.29 -
VBA32 3.12.8.6 2008.09.28 -
ViRobot 2008.9.26.1394 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.28 -
Information additionnelle
File size: 5109800 bytes
MD5...: 8099d3aa6bd2b5b1536e3f0d27aa4e47
SHA1..: 459d38026cdab6fefa5eacc73539c25255e852f5
SHA256: 039c893da216e6ccf0dac0b7e3ef7a8aacfa425c9f04e29dc4f65c8a8f130750
SHA512: 7c967d34ac6507c0c1684f953cc2fba5d228944c042a9873e7f37683ef3bbb9d
07f64ea22576a875f5dce590e552300efa0141dceaa3baea38ebd513b2685533
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x408af7
timedatestamp.....: 0x3d4a2e3e (Fri Aug 02 07:01:18 2002)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x12436 0x13000 6.54 5c5060bef67ebb81f05c17a35ec12872
.rdata 0x14000 0x19b2 0x2000 4.87 1fa22713014a16f333a15283f667d28b
.data 0x16000 0x6e64 0x4000 1.35 a208c1abc7e4034fdfe9e0052f48914b
.rsrc 0x1d000 0x2caa8 0x2d000 7.02 ec94da8be72425a8c173d02dde72e1c9

( 7 imports )
> KERNEL32.dll: GetProcAddress, FormatMessageA, DeleteFileA, MulDiv, IsDBCSLeadByte, GetExitCodeProcess, CreateProcessA, GetTempFileNameA, GetSystemDefaultLCID, WaitForSingleObject, CompareStringA, Sleep, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, FreeLibrary, RemoveDirectoryA, FindNextFileA, WritePrivateProfileSectionA, GetStartupInfoA, WriteFile, ReadFile, SetFileAttributesA, LocalFree, LocalAlloc, LockResource, LoadResource, FindResourceA, SizeofResource, GetModuleHandleA, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, MultiByteToWideChar, lstrcmpiA, GetDiskFreeSpaceA, HeapAlloc, GetProcessHeap, HeapFree, lstrcpynA, ExitProcess, CreateFileA, CreateFileMappingA, MapViewOfFile, UnmapViewOfFile, CreateDirectoryA, SetFilePointer, GetFileSize, FindClose, GetLastError, FindFirstFileA, lstrlenA, GetFileAttributesA, GetPrivateProfileStringA, GetSystemDirectoryA, GetWindowsDirectoryA, lstrcatA, GetModuleFileNameA, GetTempPathA, lstrcpyA, GetPrivateProfileSectionA, LoadLibraryA, MoveFileExA, WritePrivateProfileStringA, GetShortPathNameA, FlushFileBuffers, IsBadCodePtr, CloseHandle, SetStdHandle, SetUnhandledExceptionFilter, LCMapStringW, LCMapStringA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, WideCharToMultiByte, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetStringTypeW, GetStringTypeA, GetOEMCP, GetACP, GetCPInfo, IsBadWritePtr, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetVersionExA, GetEnvironmentVariableA, GetVersion, GetCommandLineA, RtlUnwind, IsBadReadPtr
> USER32.dll: SetFocus, PostMessageA, GetDlgItem, SendDlgItemMessageA, GetParent, GetDC, LoadImageA, MessageBoxA, wsprintfA, CheckRadioButton, EnableWindow, IsDlgButtonChecked, GetDlgItemTextA, CheckDlgButton, SetDlgItemTextA, ReleaseDC, GetWindowLongA, SetWindowTextA, CharNextA, GetDesktopWindow, GetWindowTextA, GetWindow, DestroyWindow, CreateDialogParamA, GetSysColor, GetSysColorBrush, FillRect, BeginPaint, DrawTextA, EndPaint, GetClientRect, ScreenToClient, MoveWindow, SetParent, MapDialogRect, GetNextDlgTabItem, GetWindowRect, CreateDialogIndirectParamA, IsWindow, InvalidateRect, IsWindowEnabled, ShowWindow, UpdateWindow, IsDialogMessageA, SetWindowPos, GetActiveWindow, SetActiveWindow, SetWindowLongA, LoadStringA, LoadIconA, DispatchMessageA, SendMessageA, TranslateMessage, PeekMessageA
> GDI32.dll: CreateFontIndirectA, RealizePalette, SelectPalette, CreatePalette, GetObjectA, GetStockObject, CreateDIBitmap, GetTextExtentPointA, SelectObject, EnumFontFamiliesExA, DeleteDC, BitBlt, TextOutA, SetBkMode, SetBkColor, CreateCompatibleDC, CreateSolidBrush, SetTextColor, DeleteObject, GetDeviceCaps
> ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegOpenKeyExA
> SHELL32.dll: ShellExecuteA, SHBrowseForFolderA, SHGetPathFromIDListA, SHGetMalloc
> LZ32.dll: LZOpenFileA, LZCopy, LZClose
> COMCTL32.dll: -

( 0 exports )

packers (F-Prot): CAB, MSLZ
0
Réponse 16 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Bon ...

1- Télécharges OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
ou http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Déconnectes toi et fermes toute tes applications en cours .

cliques double sur OTMoveIt.exe pour le lancer.
copies ce qui se trouve en citation ci-dessous,

C:\Documents and Settings\lelong\Mes documents\logiciel pour gifs\xara 3D\Xara Menu Maker 1.0 .exe
C:\VundoFix Backups

et colles le dans le cadre de gauche de OTMoveIt2 :
Paste standard List of Files/Folders to be moved.

cliques sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.

cliques sur Exit pour fermer.
--->postes le rapport situé dans le dossier " C:\OTMoveIt\MovedFiles." ( c'est un .log )

Note : il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
si c'est le cas acceptes par "Yes".

2- Télécharges GenProc (de Jean-Chretien1 et Narco4) sur ton bureau (et pas ailleur !) :
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

!!Déconnectes toi et fermes tes application en cours !!

Dézippes (=extraire tout) le contenu de ce que tu viens de télécharger sur ton bureau .

Ouvres le dossier Genproc :
double-cliques sur GenProc.bat et laisses faire ...

Une fois terminé, postes le contenu du rapport qui s'ouvre ...

Aide en images ici : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT : postes le rapport et ne fait rien d'autre pour l'instant ( souvant il faut ajouter des consignes à la manipe indiquée pour que cela fonctionne parfaitement ) .

0
Réponse 17 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
très bien ... le scan est vierge ...

Dis moi comment va le PC .... encore des soucis ? ... Si tu n'as plus de prb , fais ce qui suit dans l'ordre :

1- Fermes toutes tes applications et déconnectes toi .

Relances Hijackthis mais click sur " Do a scan only "
Tu vois donc apparaitre le résultat du scan : une multitudes de lignes ,chacunes précédées d'un carré vide .
Tu vas cliquer sur les carrés des lignes suivantes :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS2\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS2\system32\CTFMON.EXE (User 'Default user')

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab

Tu cliques en bas sur le bouton FIX CHECKED et valides .

( si Spybot S&D s'affolle , acceptes toutes les modifs de registre ... )

2-Lances Toolscleaner2 .
*Cliques sur Recherche et laisses le scan se terminer (cela peut être long).
*Cliques sur Suppression pour finaliser.
*Tu peux, si tu le souhaites, te servir des Options facultatives
*Cliques sur "quitter" pour générer un rapport ( et pas sur la croix rouge !) :
---> Postes ce rapport : il se trouve à la racine de ton disque dur -> C:\TCleaner.txt .

Note : Ce petit soft va te nettoyer tout les trucs dont on c'est servi pour la désinfection ( tu n'en as plus besion ! ) .
Supprimes tout les outils , dossiers ou rapports consernant la désinfection que Toolscleaner2 n'a pas supprimé .

Puis enfin supprimes Toolscleaner2 ...

3- Refais un coup de CCleaner ( registre compris ).

4- Fais ce check-up pour finir :

( étape A à faire de suite ! et le reste dès que tu peux mais ne tardes pas trop ;) )

A-Purge de la restauration système
*Désactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/coche la case désactiver la restauration, appliquer, OK
--->Redémarres ton PC
*Réactives ta restauration :
Cliques droit sur poste de travail/propriétés/Restauration système/décoche la case désactiver la restauration, appliquer, OK
--->Redémarres ton PC
( Note : tu peux aussi y accéder via panneau de configuration->" système "->" restauration système " ).

Attention : ne pas toucher au PC pendant qu'il travaille !

B-Nettoyage et Défragmentation de tes Disques
*Nettoyage :
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Général"
Cliques sur le bouton "nettoyage de disque", OK
tu le fais pour chacun de tes disques

*Vérifications des erreurs :
Clic droit sur "poste de travail" ==>"ouvrir" ==>clic droit sur le disque C ==>Propriétés ==>onglet "Outil"
"Vérifier maintenant", une boîte s'ouvre, cocher les cases :
-réparer automatiquement les erreurs...
-rechercher et tenter une récupération...
--->Démarrer, ok
Note : s'il te dis de redémarrer ton Pc pour le faire , tu redémarres et tu laisses faire, cela prend un peu de temps c'est normal
tu le fais pour chacun de tes disques

ensuite toujours dans le même onglet tu choisis :
*Défragmentation :
"défragmenter maintenant", OK
une boîte s'ouvre, tu sélectionnes le disque à défragmenter, et tu cliques sur "analyser", puis après l'analyse, "défragmenter" . OK
tu le fais pour chacun de tes disques

C-Crées un point de restauration de ton PC :

Aller dans le Menu Démarrer puis dans Programmes,
- Ensuite dans Accessoires et enfin dans Outils système,
- Choisir "Restauration du système",
- Sélectionner "Créer un point de restauration",
- Cliquer sur "Suivant",
- Entrer un nom pour le point de restauration (ce nom doit être assez évocateur), exemple :
<< Point restauration sain >> .

--> Cliquer sur "Créer" et le point de restauration se créé automatiquement.

---> une fois terminé, dis moi ce que cela a donné ... =)

0
Réponse 18 / 31
rick0837 Messages postés 54 Statut Membre 8
 
je vient de terminé voici le rapport

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\lelong\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\lelong\Bureau\ComboFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\WINDOWS2\system32\*.msnfix: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\lelong\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\lelong\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\WINDOWS2\system32\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\All Users.WINDOWS2\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
Fichiers temporaires nettoyés !

Pour le reste je vais le faire aussitot que tu me donne le feu vert
0
Réponse 19 / 31
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Bien :

fais ceci pour supprimé Combofix :

-->Cliques sur " Démarrer "( ou combine la touche Windows + R ) -> " Executer " -> copie/colles cette ligne :

ComboFix /u

( laisses l'espace entre Combofix et /u )

-->Valides .

Ensuite tu peux continuer la manipe ...

Dis moi ce que cela a donné une foi terminé .... ;)
0
Réponse 20 / 31
rick0837 Messages postés 54 Statut Membre 8
 
Ok je mis colle
0

Discussions similaires

infection
gladiator1952 -
gladiator1952 -

6 réponses
Infection pc
Nanie24 -
Nanie24 -

22 réponses
[pnkbstra]infection
swazolie -
billou631 -

9 réponses
infection virus
Utilisateur anonyme -
Utilisateur anonyme -

3 réponses
Infection Bloom ?
ccm81 -
fabul -

8 réponses