Refus Windows Mode ss échec / Virus Lab 2009

Roudoudou -
Copodeboa - 11 févr. 2009 à 19:34

Bonjour,

J'en appelle à votre aide et expertise car depuis une semaine, j'essaye de réparer tout seul mon ordi à la suite d'une forte attaque virale et, pour l'instant, ce n'est pas vraiment un succès.

Tout d'abord, Windows refuse de s'ouvrir en mode sans échec (je fais bien F8 et la sélection) : en fait, lorsque je suis sur la page où se trouve le choix entre l'administrateur et mon compte, je rendre mon mot de passe et ensuite le PC se reboote tout seul et lance tout de suite après le chargement de Windows en mode normal.

Ensuite, lorsque Windows s'ouvre, j'ai le message d'erreur suivant qui s'affiche "Windows - Pas de disque / Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75 afbf7c" et j'ai le choix entre Annuler, Recommencer et Continuer. J'annule par deux ou trois fois cette fenêtre.

Et pour finir, l'ordinateur a fait l'objet la semaine dernière d'une attaque virale assez puissante de Virus Lab 2009. Je pense que ce virus a peut-être été désinstallé depuis, mais je suis certain que d'autres virus aussi puissants sont aujourd'hui installés sur mon ornidateur.

Par ailleurs, Norton est installé et il détecte régulièrement certains virus qu'il est censé avoir détruit une heure avant... Bref, je ne m'en sors pas.

J'ai installé quelques antivirus comme il est recommandé sur certains post : hijackthis, Smitfraudfix, Malwarebytes... Toutefois, là aussi, mon ordinateur l'est fait planter avant la fin des scans ou des réparations.

Voilà, je remercie tout personne qui voudra m'éclairer sur la marche à suivre, mais j'avoue que je suis peu paumé et désespéré.

Merci à tous les conseils éclairés. Ils sont les bienvenus.

Je vous communique ci-après le dernier rapport de scan de hijackthis (le dernier scan est passé) :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:48:02, on 08/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\Program Files\tinyproxy\tinyproxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Allocine] "C:\Program Files\Allocine\Allocine.exe" /check
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddqv.exe] C:\WINDOWS\system32\kddqv.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdprs.exe] C:\WINDOWS\system32\kdprs.exe
O4 - HKLM\..\Run: [CPM73d43bbf] Rundll32.exe "c:\windows\system32\lcnduerb.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [(dmserver) ] "C:\Program Files\Services en ligne\bin\nvwrszhc.exe" /set
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/it/Woo2/fr/20031030/Downloads/npwwg.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/FRM005/iNotes6.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - https://www.canalplus.com/canalplay/
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer = 85.255.114.21,85.255.112.134
O20 - AppInit_DLLs: karna.da sjqsfx.dll,c:\windows\system32\lcnduerb.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lcnduerb.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lcnduerb.dll
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\Services en ligne\bin\nvwrszhc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Afficher la suite

A voir également:

Refus Windows Mode ss échec / Virus Lab 2009
Mode sans echec ps4 - Guide
Mode avion - Guide
Mode sans echec - Guide
God mode windows - Guide
Mode sécurisé samsung - Guide

101 réponses

Réponse 41 / 101

Roudoudou

Hello,

Ci-joint le rapport Smitfraudfix + Hijackthis.

@+
Roudoudou

***************************

SmitFraudFix v2.373

Rapport fait à 16:24:29,71, 10/11/2008
Executé à partir de C:\Documents and Settings\Thierry\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: GVC-REALTEK Ethernet 10/100 PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.114.21
DNS Server Search Order: 85.255.112.134

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer=85.255.114.21,85.255.112.134
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer=85.255.114.21,85.255.112.134
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:54, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\Documents and Settings\Thierry\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kddqv.exe] C:\WINDOWS\system32\kddqv.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdprs.exe] C:\WINDOWS\system32\kdprs.exe
O4 - HKLM\..\Run: [CPM73d43bbf] Rundll32.exe "c:\windows\system32\owsvmexm.dll",a
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [Allocine] "C:\Program Files\Allocine\Allocine.exe" /check
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [(dmserver) ] "C:\Program Files\Services en ligne\bin\nvwrszhc.exe" /set
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/it/Woo2/fr/20031030/Downloads/npwwg.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/FRM005/iNotes6.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - https://www.canalplus.com/canalplay/
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer = 85.255.114.21,85.255.112.134
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\Services en ligne\bin\nvwrszhc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Réponse 42 / 101

Utilisateur anonyme

Re,

● Télécharge OtmoveIt3 d'Old Timer Sur ton bureau.

● Double clique sur " OtmoveIt3.exe " pour le lancer.

● Copie/colle le texte suivant en gris dans la case de gauche " Paste Instructions for items to be moved "

:processes
explorer.exe

Files:
c:\windows\system32\kddqv.exe
c:\windows\system32\kdprs.exe

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\kddqv.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C:\WINDOWS\system32\kdprs.exe"=-

● Clique sur " MoveIt! "

● Copie tout ce qui est marqué dans la case de droite " Results "

● Colle tout sur le forum.

( Rapport situé ici aussi : C:\_OTMoveIt\MovedFiles )

Réponse 43 / 101

Roudoudou

Salut,

J'ai bien fait le OTMoveit3. Toutefois, le logiciel s'est bien executé, mais au moment de le fermer, le PC a planté. J'ai pu récupérer le rapport après le redémarrage.

A ce sujet, à l'ouverture de Windows, j'ai le message suivant qui s'affiche (depuis que Combofix a été exécuté) : "Erreur de Chargement de C/ : Rundll Windows/systems32/Owsvmexm.dll". je t'avoue que je ne sais pas ce que cela signifie.

Je te transmets également pour info le rapport hijackthis que je viens de réaliser.

@+
Roudoudou

******************************************

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: Files:
Unable to kill process: c:\windows\system32\kddqv.exe
Unable to kill process: c:\windows\system32\kdprs.exe
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\C:\WINDOWS\system32\kddqv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\C:\WINDOWS\system32\kdprs.exe deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11102008_165550

**********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:39, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canal\Canal Widget\Canal Widget.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdprs.exe] C:\WINDOWS\system32\kdprs.exe
O4 - HKLM\..\Run: [CPM73d43bbf] Rundll32.exe "c:\windows\system32\owsvmexm.dll",a
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [Allocine] "C:\Program Files\Allocine\Allocine.exe" /check
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [(dmserver) ] "C:\Program Files\Services en ligne\bin\nvwrszhc.exe" /set
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/it/Woo2/fr/20031030/Downloads/npwwg.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/FRM005/iNotes6.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - https://www.canalplus.com/canalplay/
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer = 85.255.114.21,85.255.112.134
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\Services en ligne\bin\nvwrszhc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Réponse 44 / 101

Utilisateur anonyme

Re,

Télécharge Lop S&D ici :

Lop S&D

==>Double-clique dessus pour lancer l'installation

==>Puis double-clique sur le raccourci Lop S&D présent sur ton bureau

==>Séléctionne la langue souhaitée

==> Puis choisis l'Option 1 ( Recherche )

==>>Patiente jusqu'à la fin du scan

Poste le rapport généré ( C:lopR.txt )

Roudoudou

Re,

Et voici !

Yeepee!
Roudoudou

******************************

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Default System BIOS
USER : Thierry ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:73 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 10/11/2008|17:30 )

--------------------\\ Listing des dossiers dans APPLIC~1

[24/09/2002|22:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[24/09/2002|22:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[24/09/2002|23:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[24/09/2002|23:08] C:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

[01/06/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/08/2007|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[19/08/2007|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[24/09/2002|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[21/11/2004|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
[19/07/2007|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fluxDVD
[11/06/2003|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[07/11/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[24/09/2002|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGI
[01/05/2003|00:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/07/2007|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mpDRM
[28/09/2004|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.2.0137
[04/10/2002|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/10/2005|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[07/12/2002|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[24/09/2002|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[09/02/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/10/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/11/2008|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[29/06/2006|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/11/2008|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[14/01/2008|20:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[24/09/2002|22:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[30/11/2007|23:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/09/2002|23:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[25/02/2007|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[30/11/2007|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[16/01/2005|19:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[05/04/2008|21:04] C:\DOCUME~1\Thierry\APPLIC~1\Adobe
[01/06/2008|20:46] C:\DOCUME~1\Thierry\APPLIC~1\AdobeUM
[19/08/2007|16:48] C:\DOCUME~1\Thierry\APPLIC~1\Apple Computer
[25/02/2007|21:08] C:\DOCUME~1\Thierry\APPLIC~1\Azureus
[21/02/2007|22:02] C:\DOCUME~1\Thierry\APPLIC~1\BitTorrent
[29/08/2007|01:21] C:\DOCUME~1\Thierry\APPLIC~1\DivX
[06/04/2008|18:47] C:\DOCUME~1\Thierry\APPLIC~1\FUJIFILM
[09/08/2005|15:27] C:\DOCUME~1\Thierry\APPLIC~1\Google
[29/01/2003|23:10] C:\DOCUME~1\Thierry\APPLIC~1\Help
[18/09/2004|06:56] C:\DOCUME~1\Thierry\APPLIC~1\Identities
[06/04/2008|18:32] C:\DOCUME~1\Thierry\APPLIC~1\InstallShield
[15/11/2002|22:15] C:\DOCUME~1\Thierry\APPLIC~1\InterTrust
[06/09/2003|11:28] C:\DOCUME~1\Thierry\APPLIC~1\Macromedia
[07/11/2008|01:24] C:\DOCUME~1\Thierry\APPLIC~1\Malwarebytes
[20/05/2006|09:06] C:\DOCUME~1\Thierry\APPLIC~1\Microsoft
[01/01/2003|20:52] C:\DOCUME~1\Thierry\APPLIC~1\MSN6
[16/10/2005|15:38] C:\DOCUME~1\Thierry\APPLIC~1\OD2
[15/09/2007|20:12] C:\DOCUME~1\Thierry\APPLIC~1\player orange
[25/08/2008|20:46] C:\DOCUME~1\Thierry\APPLIC~1\Real
[23/01/2003|23:22] C:\DOCUME~1\Thierry\APPLIC~1\Roxio
[27/08/2007|00:36] C:\DOCUME~1\Thierry\APPLIC~1\Samsung
[05/08/2004|23:09] C:\DOCUME~1\Thierry\APPLIC~1\Steinberg
[13/04/2008|15:04] C:\DOCUME~1\Thierry\APPLIC~1\Sun
[04/01/2008|21:18] C:\DOCUME~1\Thierry\APPLIC~1\Symantec
[04/10/2002|20:57] C:\DOCUME~1\Thierry\APPLIC~1\Template
[21/04/2006|23:20] C:\DOCUME~1\Thierry\APPLIC~1\vlc
[05/01/2008|13:18] C:\DOCUME~1\Thierry\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[10/11/2008 14:14][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/09/2008 20:38][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complŠte du systŠme - Thierry.job
[10/11/2008 17:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 07:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing des dossiers dans C:\Program Files

[09/01/2005|23:41] C:\Program Files\a2 free
[28/08/2007|23:21] C:\Program Files\AC3Filter
[26/01/2008|10:18] C:\Program Files\Adobe
[14/07/2004|14:34] C:\Program Files\AKAI
[29/10/2002|23:03] C:\Program Files\Alcatel
[24/02/2008|22:03] C:\Program Files\Allocine
[03/08/2008|06:18] C:\Program Files\Apple Software Update
[31/07/2004|07:07] C:\Program Files\Auralog
[07/11/2004|10:51] C:\Program Files\BoontyGames
[22/01/2003|22:54] C:\Program Files\Bpm Wizard 2002
[04/02/2003|23:46] C:\Program Files\Cakewalk
[05/04/2008|21:05] C:\Program Files\Canal
[09/11/2008|19:09] C:\Program Files\CCleaner
[21/11/2004|12:47] C:\Program Files\Ciel
[24/09/2002|23:07] C:\Program Files\Classic PhoneTools
[04/02/2006|16:55] C:\Program Files\Common Files
[24/09/2002|22:21] C:\Program Files\ComPlus Applications
[24/09/2002|22:59] C:\Program Files\CONEXANT
[05/10/2002|16:11] C:\Program Files\Cresta
[24/09/2002|23:08] C:\Program Files\CyberLink
[24/09/2002|23:05] C:\Program Files\Dell
[24/09/2002|23:07] C:\Program Files\Dell Modem-On-Hold
[24/09/2002|23:07] C:\Program Files\Digital Line Detect
[31/12/2004|18:56] C:\Program Files\directx
[28/08/2007|23:41] C:\Program Files\DivX
[13/03/2007|22:06] C:\Program Files\FaxDrive
[28/08/2007|23:23] C:\Program Files\ffdshow
[10/11/2008|08:33] C:\Program Files\Fichiers communs
[09/11/2008|18:30] C:\Program Files\FindyKill
[19/10/2008|14:49] C:\Program Files\FinePixViewer
[04/10/2008|19:35] C:\Program Files\Fnacmusic
[12/10/2008|21:51] C:\Program Files\Furnish Pro
[09/08/2005|15:26] C:\Program Files\Google
[06/01/2004|22:06] C:\Program Files\Havas Medimedia
[23/07/2008|20:29] C:\Program Files\InstallShield Installation Information
[15/10/2008|10:57] C:\Program Files\Internet Explorer
[01/12/2007|11:30] C:\Program Files\iPod
[22/08/2006|20:34] C:\Program Files\IrfanView
[17/03/2008|20:03] C:\Program Files\iTunes
[11/10/2008|07:10] C:\Program Files\Java
[25/03/2006|14:27] C:\Program Files\Jeux classiques
[26/01/2008|10:19] C:\Program Files\JukeBoX V2
[10/11/2008|15:02] C:\Program Files\Kazaa
[06/11/2008|21:20] C:\Program Files\Lecteur CANALPLAY
[05/10/2002|15:46] C:\Program Files\Logitech
[16/11/2002|03:37] C:\Program Files\lycoed
[08/11/2008|18:17] C:\Program Files\Malwarebytes' Anti-Malware
[10/07/2004|23:21] C:\Program Files\M-Audio Midisport 2x2
[26/08/2008|21:06] C:\Program Files\Messenger
[24/09/2002|23:07] C:\Program Files\MGI
[24/09/2002|22:22] C:\Program Files\microsoft frontpage
[17/07/2003|23:31] C:\Program Files\Microsoft MapPoint Europe
[12/01/2003|11:18] C:\Program Files\Microsoft Money
[12/01/2003|11:15] C:\Program Files\Microsoft Office
[24/09/2002|23:09] C:\Program Files\Microsoft Works
[24/09/2002|23:07] C:\Program Files\Modem Helper
[28/08/2007|23:22] C:\Program Files\Morgan
[26/08/2008|20:58] C:\Program Files\Movie Maker
[18/01/2004|11:19] C:\Program Files\MSN
[24/09/2002|22:21] C:\Program Files\MSN Gaming Zone
[11/11/2004|16:17] C:\Program Files\MSN Messenger
[16/11/2006|09:17] C:\Program Files\MSXML 4.0
[05/04/2008|21:00] C:\Program Files\MSXML 6.0
[16/10/2005|15:38] C:\Program Files\Music Manager
[23/07/2008|20:35] C:\Program Files\MyDSC2
[10/11/2008|15:54] C:\Program Files\Navilog1
[26/08/2008|20:51] C:\Program Files\NetMeeting
[04/01/2008|22:53] C:\Program Files\Norton AntiVirus
[08/09/2007|14:29] C:\Program Files\Nouveau dossier
[15/07/2006|12:28] C:\Program Files\Orange
[10/02/2007|23:36] C:\Program Files\OrangeHSS
[26/08/2008|20:51] C:\Program Files\Outlook Express
[19/09/2004|18:19] C:\Program Files\PerfectNav
[24/10/2008|07:58] C:\Program Files\PhoTags Express
[07/12/2002|17:18] C:\Program Files\PIXELA
[05/10/2008|19:54] C:\Program Files\Pixie
[06/11/2002|23:53] C:\Program Files\Propellerhead
[01/12/2007|11:28] C:\Program Files\QuickTime
[05/10/2002|15:47] C:\Program Files\Real
[24/09/2002|23:07] C:\Program Files\Realtek Semiconductor Corp
[06/04/2008|18:31] C:\Program Files\REGSHAVE
[12/01/2003|11:12] C:\Program Files\Roxio
[12/04/2006|19:24] C:\Program Files\SAGEM
[27/08/2007|00:07] C:\Program Files\Samsung
[23/10/2008|21:59] C:\Program Files\Services en ligne
[21/04/2006|23:13] C:\Program Files\SLD Codec Pack
[08/09/2007|14:26] C:\Program Files\Smart Projects
[24/09/2002|23:08] C:\Program Files\Sonic
[16/11/2002|18:52] C:\Program Files\Sound Forge
[09/02/2008|12:55] C:\Program Files\Spybot - Search & Destroy
[05/08/2004|22:54] C:\Program Files\Steinberg
[03/06/2008|09:03] C:\Program Files\Symantec
[19/07/2008|07:10] C:\Program Files\Syncrosoft
[16/03/2008|15:31] C:\Program Files\TF1Vision
[07/11/2008|22:52] C:\Program Files\Trend Micro
[24/09/2002|23:08] C:\Program Files\Turtle Beach
[31/12/2004|18:37] C:\Program Files\Ubi Soft
[04/07/2004|19:27] C:\Program Files\Uninstall Information
[30/01/2005|10:31] C:\Program Files\UpToTen
[21/04/2006|23:15] C:\Program Files\VideoLAN
[30/03/2007|20:23] C:\Program Files\VirginMega
[28/08/2007|22:42] C:\Program Files\virtualdub_virtualdub_1.7.2_anglais_10126
[30/01/2003|00:35] C:\Program Files\Voyetra Turtle Beach
[02/09/2007|15:15] C:\Program Files\Wanadoo
[01/04/2006|12:44] C:\Program Files\Wanadoo Messager
[08/09/2007|08:32] C:\Program Files\Winamp
[05/10/2002|15:46] C:\Program Files\Windows Media Components
[25/02/2007|22:56] C:\Program Files\Windows Media Connect 2
[26/08/2008|20:51] C:\Program Files\Windows Media Player
[26/08/2008|20:51] C:\Program Files\Windows NT
[04/01/2008|21:40] C:\Program Files\Windows Sidebar
[05/09/2004|10:24] C:\Program Files\WindowsUpdate
[05/01/2008|13:18] C:\Program Files\WinRAR
[24/09/2002|22:22] C:\Program Files\XEROX
[09/02/2008|11:01] C:\Program Files\XnView
[28/08/2007|23:21] C:\Program Files\XviD
[09/11/2008|19:09] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/01/2003|11:12] C:\Program Files\Fichiers communs\Adaptec Shared
[01/06/2008|20:54] C:\Program Files\Fichiers communs\Adobe
[25/06/2008|23:06] C:\Program Files\Fichiers communs\Adobe AIR
[19/08/2007|15:10] C:\Program Files\Fichiers communs\Apple
[21/11/2004|12:47] C:\Program Files\Fichiers communs\Ciel
[10/10/2002|19:31] C:\Program Files\Fichiers communs\Designer
[08/09/2007|21:38] C:\Program Files\Fichiers communs\DigiDesign
[19/07/2007|23:04] C:\Program Files\Fichiers communs\fluxDVD
[10/02/2007|23:31] C:\Program Files\Fichiers communs\France Telecom
[19/09/2004|18:18] C:\Program Files\Fichiers communs\InstallShield
[22/02/2007|21:40] C:\Program Files\Fichiers communs\Java
[05/10/2002|15:46] C:\Program Files\Fichiers communs\Logitech
[11/06/2003|22:35] C:\Program Files\Fichiers communs\Macrovision Shared
[24/09/2002|23:07] C:\Program Files\Fichiers communs\MGI Shared
[05/04/2008|20:30] C:\Program Files\Fichiers communs\Microsoft Shared
[19/07/2007|23:03] C:\Program Files\Fichiers communs\mpDRM
[24/09/2002|22:21] C:\Program Files\Fichiers communs\MSSoap
[04/06/2004|08:48] C:\Program Files\Fichiers communs\ndfrtprc
[24/09/2002|22:21] C:\Program Files\Fichiers communs\ODBC
[10/11/2002|14:20] C:\Program Files\Fichiers communs\Real
[24/09/2002|22:21] C:\Program Files\Fichiers communs\Services
[24/09/2002|22:21] C:\Program Files\Fichiers communs\SpeechEngines
[28/11/2004|17:18] C:\Program Files\Fichiers communs\SWF Studio
[10/11/2008|15:56] C:\Program Files\Fichiers communs\Symantec Shared
[26/08/2008|20:51] C:\Program Files\Fichiers communs\System
[30/01/2003|00:35] C:\Program Files\Fichiers communs\Turtle Beach
[24/09/2002|23:02] C:\Program Files\Fichiers communs\Voyetra
[10/11/2002|14:20] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 46 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\Thierry\Cookies\thierry@advertising[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 17:38:40
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\kdprs.exe 69632 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}]
NameServer REG_SZ 85.255.114.21,85.255.112.134
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}]
NameServer REG_SZ 85.255.114.21,85.255.112.134
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}]
NameServer REG_SZ 85.255.114.21,85.255.112.134
[b]==> WAREOUT <==/b

--------------------\\ KoobFace !

C:\WINDOWS\bemark2.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Thierry\Bureau\Bureau divers\Folder Kazaa\Cubase SX Full Version with Crack.exe

[F:4][D:1]-> C:\DOCUME~1\Thierry\LOCALS~1\Temp
[F:64][D:0]-> C:\DOCUME~1\Thierry\Cookies
[F:103][D:6]-> C:\DOCUME~1\Thierry\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/11/2008|17:42 - Option : [1]

--------------------\\ Fin du rapport a 17:42:03

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 45 / 101

Utilisateur anonyme

Re,

Fait ceci maintenant et après toute ces manip tu me fait un hijackthis.

merci.

===================================================================

Relance Lop S&D

Choisis cette fois ci l'Option 2 ( Suppression )

Ne ferme pas la fenêtre lors de la suppression !

Poste le rapport généré ( C:\lopR.txt )

( Si le Bureau ne réapparaît pas presse Ctrl + Alt + Suppr, Onglet Fichier,

Nouvelle tâche, tape explorer.exe et valide )

===================================================================

Aller dans Démarrer > Panneau de configuration > Connexions > clique droit sur la connexion > Propriétés > onglet Gestion de réseau
Mettre en surbrillance Protocole Internet (tcp/ip) puis cliquer sur le bouton Propriétés.
Dans les options (serveur DNS préféré et serveur DNS auxiliaire) Tu trouveras une de ces adresses présentes dans le rapport hijackthis en ligne 017 =>(85.255.114.21,85.255.112.134 )

Pour les éliminer, cocher : "Obtenir les adresses des serveurs DNS automatiquement" puis cliquer 2 fois sur"Ok" et redémarrer le PC.

@+

Réponse 46 / 101

Roudoudou

Hello,

Ci-joint le rapport après Lop S&D.

En revanche, petit problème : ma config des fenêtres ne correspond pas à ce que tu me décris pour afficher les serveurs DNS. J'ai consulté les aides microsoft pour voir où je pouvais y accéder sur mon système et je n'ai pas encore trouvé...

Si tu as une idée, je suis preneur.

Je poursuis les recherches également.

@+
Roudoudou

*************

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Default System BIOS
USER : Thierry ( Administrator )
BOOT : Normal boot
Antivirus : Norton AntiVirus 15.0.0.58 (Activated)
Firewall : Norton AntiVirus 15.0.0.58 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:73 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 10/11/2008|18:04 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Thierry\Cookies\thierry@advertising[1].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[24/09/2002|22:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[24/09/2002|22:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[24/09/2002|23:11] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec

[24/09/2002|23:08] C:\DOCUME~1\ADMINI~2\APPLIC~1\Microsoft

[01/06/2008|20:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[19/08/2007|15:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[19/08/2007|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[24/09/2002|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[21/11/2004|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ciel
[19/07/2007|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\fluxDVD
[11/06/2003|22:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[07/11/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[24/09/2002|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGI
[01/05/2003|00:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[19/07/2007|23:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\mpDRM
[28/09/2004|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.2.0137
[04/10/2002|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
[16/10/2005|15:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[07/12/2002|17:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[24/09/2002|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[09/02/2008|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/10/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/11/2008|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[29/06/2006|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[09/11/2008|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion

[14/01/2008|20:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[24/09/2002|22:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[30/11/2007|23:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[24/09/2002|23:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec

[25/02/2007|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[30/11/2007|23:10] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[16/01/2005|19:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[05/04/2008|21:04] C:\DOCUME~1\Thierry\APPLIC~1\Adobe
[01/06/2008|20:46] C:\DOCUME~1\Thierry\APPLIC~1\AdobeUM
[19/08/2007|16:48] C:\DOCUME~1\Thierry\APPLIC~1\Apple Computer
[25/02/2007|21:08] C:\DOCUME~1\Thierry\APPLIC~1\Azureus
[21/02/2007|22:02] C:\DOCUME~1\Thierry\APPLIC~1\BitTorrent
[29/08/2007|01:21] C:\DOCUME~1\Thierry\APPLIC~1\DivX
[06/04/2008|18:47] C:\DOCUME~1\Thierry\APPLIC~1\FUJIFILM
[09/08/2005|15:27] C:\DOCUME~1\Thierry\APPLIC~1\Google
[29/01/2003|23:10] C:\DOCUME~1\Thierry\APPLIC~1\Help
[18/09/2004|06:56] C:\DOCUME~1\Thierry\APPLIC~1\Identities
[06/04/2008|18:32] C:\DOCUME~1\Thierry\APPLIC~1\InstallShield
[15/11/2002|22:15] C:\DOCUME~1\Thierry\APPLIC~1\InterTrust
[06/09/2003|11:28] C:\DOCUME~1\Thierry\APPLIC~1\Macromedia
[07/11/2008|01:24] C:\DOCUME~1\Thierry\APPLIC~1\Malwarebytes
[20/05/2006|09:06] C:\DOCUME~1\Thierry\APPLIC~1\Microsoft
[01/01/2003|20:52] C:\DOCUME~1\Thierry\APPLIC~1\MSN6
[16/10/2005|15:38] C:\DOCUME~1\Thierry\APPLIC~1\OD2
[15/09/2007|20:12] C:\DOCUME~1\Thierry\APPLIC~1\player orange
[25/08/2008|20:46] C:\DOCUME~1\Thierry\APPLIC~1\Real
[23/01/2003|23:22] C:\DOCUME~1\Thierry\APPLIC~1\Roxio
[27/08/2007|00:36] C:\DOCUME~1\Thierry\APPLIC~1\Samsung
[05/08/2004|23:09] C:\DOCUME~1\Thierry\APPLIC~1\Steinberg
[13/04/2008|15:04] C:\DOCUME~1\Thierry\APPLIC~1\Sun
[04/01/2008|21:18] C:\DOCUME~1\Thierry\APPLIC~1\Symantec
[04/10/2002|20:57] C:\DOCUME~1\Thierry\APPLIC~1\Template
[21/04/2006|23:20] C:\DOCUME~1\Thierry\APPLIC~1\vlc
[05/01/2008|13:18] C:\DOCUME~1\Thierry\APPLIC~1\WinRAR

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[10/11/2008 14:14][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[15/09/2008 20:38][--a------] C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complŠte du systŠme - Thierry.job
[10/11/2008 17:09][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 07:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing des dossiers dans C:\Program Files

[09/01/2005|23:41] C:\Program Files\a2 free
[28/08/2007|23:21] C:\Program Files\AC3Filter
[26/01/2008|10:18] C:\Program Files\Adobe
[14/07/2004|14:34] C:\Program Files\AKAI
[29/10/2002|23:03] C:\Program Files\Alcatel
[24/02/2008|22:03] C:\Program Files\Allocine
[03/08/2008|06:18] C:\Program Files\Apple Software Update
[31/07/2004|07:07] C:\Program Files\Auralog
[07/11/2004|10:51] C:\Program Files\BoontyGames
[22/01/2003|22:54] C:\Program Files\Bpm Wizard 2002
[04/02/2003|23:46] C:\Program Files\Cakewalk
[05/04/2008|21:05] C:\Program Files\Canal
[09/11/2008|19:09] C:\Program Files\CCleaner
[21/11/2004|12:47] C:\Program Files\Ciel
[24/09/2002|23:07] C:\Program Files\Classic PhoneTools
[04/02/2006|16:55] C:\Program Files\Common Files
[24/09/2002|22:21] C:\Program Files\ComPlus Applications
[24/09/2002|22:59] C:\Program Files\CONEXANT
[05/10/2002|16:11] C:\Program Files\Cresta
[24/09/2002|23:08] C:\Program Files\CyberLink
[24/09/2002|23:05] C:\Program Files\Dell
[24/09/2002|23:07] C:\Program Files\Dell Modem-On-Hold
[24/09/2002|23:07] C:\Program Files\Digital Line Detect
[31/12/2004|18:56] C:\Program Files\directx
[28/08/2007|23:41] C:\Program Files\DivX
[13/03/2007|22:06] C:\Program Files\FaxDrive
[28/08/2007|23:23] C:\Program Files\ffdshow
[10/11/2008|08:33] C:\Program Files\Fichiers communs
[09/11/2008|18:30] C:\Program Files\FindyKill
[19/10/2008|14:49] C:\Program Files\FinePixViewer
[04/10/2008|19:35] C:\Program Files\Fnacmusic
[12/10/2008|21:51] C:\Program Files\Furnish Pro
[09/08/2005|15:26] C:\Program Files\Google
[06/01/2004|22:06] C:\Program Files\Havas Medimedia
[23/07/2008|20:29] C:\Program Files\InstallShield Installation Information
[15/10/2008|10:57] C:\Program Files\Internet Explorer
[01/12/2007|11:30] C:\Program Files\iPod
[22/08/2006|20:34] C:\Program Files\IrfanView
[17/03/2008|20:03] C:\Program Files\iTunes
[11/10/2008|07:10] C:\Program Files\Java
[25/03/2006|14:27] C:\Program Files\Jeux classiques
[26/01/2008|10:19] C:\Program Files\JukeBoX V2
[10/11/2008|15:02] C:\Program Files\Kazaa
[06/11/2008|21:20] C:\Program Files\Lecteur CANALPLAY
[05/10/2002|15:46] C:\Program Files\Logitech
[16/11/2002|03:37] C:\Program Files\lycoed
[08/11/2008|18:17] C:\Program Files\Malwarebytes' Anti-Malware
[10/07/2004|23:21] C:\Program Files\M-Audio Midisport 2x2
[26/08/2008|21:06] C:\Program Files\Messenger
[24/09/2002|23:07] C:\Program Files\MGI
[24/09/2002|22:22] C:\Program Files\microsoft frontpage
[17/07/2003|23:31] C:\Program Files\Microsoft MapPoint Europe
[12/01/2003|11:18] C:\Program Files\Microsoft Money
[12/01/2003|11:15] C:\Program Files\Microsoft Office
[24/09/2002|23:09] C:\Program Files\Microsoft Works
[24/09/2002|23:07] C:\Program Files\Modem Helper
[28/08/2007|23:22] C:\Program Files\Morgan
[26/08/2008|20:58] C:\Program Files\Movie Maker
[18/01/2004|11:19] C:\Program Files\MSN
[24/09/2002|22:21] C:\Program Files\MSN Gaming Zone
[11/11/2004|16:17] C:\Program Files\MSN Messenger
[16/11/2006|09:17] C:\Program Files\MSXML 4.0
[05/04/2008|21:00] C:\Program Files\MSXML 6.0
[16/10/2005|15:38] C:\Program Files\Music Manager
[23/07/2008|20:35] C:\Program Files\MyDSC2
[10/11/2008|15:54] C:\Program Files\Navilog1
[26/08/2008|20:51] C:\Program Files\NetMeeting
[04/01/2008|22:53] C:\Program Files\Norton AntiVirus
[08/09/2007|14:29] C:\Program Files\Nouveau dossier
[15/07/2006|12:28] C:\Program Files\Orange
[10/02/2007|23:36] C:\Program Files\OrangeHSS
[26/08/2008|20:51] C:\Program Files\Outlook Express
[19/09/2004|18:19] C:\Program Files\PerfectNav
[24/10/2008|07:58] C:\Program Files\PhoTags Express
[07/12/2002|17:18] C:\Program Files\PIXELA
[05/10/2008|19:54] C:\Program Files\Pixie
[06/11/2002|23:53] C:\Program Files\Propellerhead
[01/12/2007|11:28] C:\Program Files\QuickTime
[05/10/2002|15:47] C:\Program Files\Real
[24/09/2002|23:07] C:\Program Files\Realtek Semiconductor Corp
[06/04/2008|18:31] C:\Program Files\REGSHAVE
[12/01/2003|11:12] C:\Program Files\Roxio
[12/04/2006|19:24] C:\Program Files\SAGEM
[27/08/2007|00:07] C:\Program Files\Samsung
[23/10/2008|21:59] C:\Program Files\Services en ligne
[21/04/2006|23:13] C:\Program Files\SLD Codec Pack
[08/09/2007|14:26] C:\Program Files\Smart Projects
[24/09/2002|23:08] C:\Program Files\Sonic
[16/11/2002|18:52] C:\Program Files\Sound Forge
[09/02/2008|12:55] C:\Program Files\Spybot - Search & Destroy
[05/08/2004|22:54] C:\Program Files\Steinberg
[03/06/2008|09:03] C:\Program Files\Symantec
[19/07/2008|07:10] C:\Program Files\Syncrosoft
[16/03/2008|15:31] C:\Program Files\TF1Vision
[07/11/2008|22:52] C:\Program Files\Trend Micro
[24/09/2002|23:08] C:\Program Files\Turtle Beach
[31/12/2004|18:37] C:\Program Files\Ubi Soft
[04/07/2004|19:27] C:\Program Files\Uninstall Information
[30/01/2005|10:31] C:\Program Files\UpToTen
[21/04/2006|23:15] C:\Program Files\VideoLAN
[30/03/2007|20:23] C:\Program Files\VirginMega
[28/08/2007|22:42] C:\Program Files\virtualdub_virtualdub_1.7.2_anglais_10126
[30/01/2003|00:35] C:\Program Files\Voyetra Turtle Beach
[02/09/2007|15:15] C:\Program Files\Wanadoo
[01/04/2006|12:44] C:\Program Files\Wanadoo Messager
[08/09/2007|08:32] C:\Program Files\Winamp
[05/10/2002|15:46] C:\Program Files\Windows Media Components
[25/02/2007|22:56] C:\Program Files\Windows Media Connect 2
[26/08/2008|20:51] C:\Program Files\Windows Media Player
[26/08/2008|20:51] C:\Program Files\Windows NT
[04/01/2008|21:40] C:\Program Files\Windows Sidebar
[05/09/2004|10:24] C:\Program Files\WindowsUpdate
[05/01/2008|13:18] C:\Program Files\WinRAR
[24/09/2002|22:22] C:\Program Files\XEROX
[09/02/2008|11:01] C:\Program Files\XnView
[28/08/2007|23:21] C:\Program Files\XviD
[09/11/2008|19:09] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/01/2003|11:12] C:\Program Files\Fichiers communs\Adaptec Shared
[01/06/2008|20:54] C:\Program Files\Fichiers communs\Adobe
[25/06/2008|23:06] C:\Program Files\Fichiers communs\Adobe AIR
[19/08/2007|15:10] C:\Program Files\Fichiers communs\Apple
[21/11/2004|12:47] C:\Program Files\Fichiers communs\Ciel
[10/10/2002|19:31] C:\Program Files\Fichiers communs\Designer
[08/09/2007|21:38] C:\Program Files\Fichiers communs\DigiDesign
[19/07/2007|23:04] C:\Program Files\Fichiers communs\fluxDVD
[10/02/2007|23:31] C:\Program Files\Fichiers communs\France Telecom
[19/09/2004|18:18] C:\Program Files\Fichiers communs\InstallShield
[22/02/2007|21:40] C:\Program Files\Fichiers communs\Java
[05/10/2002|15:46] C:\Program Files\Fichiers communs\Logitech
[11/06/2003|22:35] C:\Program Files\Fichiers communs\Macrovision Shared
[24/09/2002|23:07] C:\Program Files\Fichiers communs\MGI Shared
[05/04/2008|20:30] C:\Program Files\Fichiers communs\Microsoft Shared
[19/07/2007|23:03] C:\Program Files\Fichiers communs\mpDRM
[24/09/2002|22:21] C:\Program Files\Fichiers communs\MSSoap
[04/06/2004|08:48] C:\Program Files\Fichiers communs\ndfrtprc
[24/09/2002|22:21] C:\Program Files\Fichiers communs\ODBC
[10/11/2002|14:20] C:\Program Files\Fichiers communs\Real
[24/09/2002|22:21] C:\Program Files\Fichiers communs\Services
[24/09/2002|22:21] C:\Program Files\Fichiers communs\SpeechEngines
[28/11/2004|17:18] C:\Program Files\Fichiers communs\SWF Studio
[10/11/2008|15:56] C:\Program Files\Fichiers communs\Symantec Shared
[26/08/2008|20:51] C:\Program Files\Fichiers communs\System
[30/01/2003|00:35] C:\Program Files\Fichiers communs\Turtle Beach
[24/09/2002|23:02] C:\Program Files\Fichiers communs\Voyetra
[10/11/2002|14:20] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 50 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 18:13:48
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwQueryDirectoryFile
scanning hidden processes ...
scanning hidden files ...
C:\WINDOWS\System32\kdprs.exe 69632 bytes executable
scan completed successfully
hidden processes: 0
hidden files: 1

--------------------\\ Recherche d'autres infections

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}]
NameServer REG_SZ 85.255.114.21,85.255.112.134
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}]
NameServer REG_SZ 85.255.114.21,85.255.112.134
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}]
NameServer REG_SZ 85.255.114.21,85.255.112.134
[b]==> WAREOUT <==/b

--------------------\\ KoobFace !

C:\WINDOWS\bemark2.dat

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Thierry\Bureau\Bureau divers\Folder Kazaa\Cubase SX Full Version with Crack.exe

[F:4][D:1]-> C:\DOCUME~1\Thierry\LOCALS~1\Temp
[F:65][D:0]-> C:\DOCUME~1\Thierry\Cookies
[F:530][D:6]-> C:\DOCUME~1\Thierry\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/11/2008|17:42 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 10/11/2008|18:17 - Option : [2]

--------------------\\ Fin du rapport a 18:17:01

Réponse 47 / 101

Utilisateur anonyme

Re,

Fait moi uin nouveau hijackthis.STP.

merci

Réponse 48 / 101

Roudoudou

Je trouve pas pour les addresses tcp/ip...

Ci-après le rapport hijackthis.

Merci.

A+
Roudoudou

*************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:58, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdprs.exe] C:\WINDOWS\system32\kdprs.exe
O4 - HKLM\..\Run: [CPM73d43bbf] Rundll32.exe "c:\windows\system32\owsvmexm.dll",a
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [Allocine] "C:\Program Files\Allocine\Allocine.exe" /check
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [(dmserver) ] "C:\Program Files\Services en ligne\bin\nvwrszhc.exe" /set
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/it/Woo2/fr/20031030/Downloads/npwwg.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/FRM005/iNotes6.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - https://www.canalplus.com/canalplay/
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer = 85.255.114.21,85.255.112.134
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\Services en ligne\bin\nvwrszhc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Réponse 49 / 101

Utilisateur anonyme

Re,

==>Télécharge sur ton bureau MSNFix

* Enregistrez le fichier sur votre bureau.
* Ne pas double-cliquer sur le fichier
* Faites un clic droit sur le fichier puis Extraire tout, le but étant de récupérer un dossier MSNFix

* Double-cliquez sur le dossier MSNFix afin de l'ouvrir
* Vous trouverez dedans un nouveau dossier ainsi qu'un fichier MSNFix.bat (le .bat peut ne pas apparaître chez vous).
* Double-cliquez sur MSNFix.bat

Tutorial MSNFix

Réponse 50 / 101

Roudoudou

Super Goldo,

Je viens de trouver l'endroit où est mentionnée l'addresse tcp/ip.

Il y a bien la référence que tu m'indiquais dans ton précédent post.

Je l'efface ? Puis je redémarre le PC, puis je charge MSNFix ? et je te poste le rapport ? Quel programme !

Youpi !
Roudoudou

Réponse 51 / 101

Utilisateur anonyme

Re,

Tu la dit !!!!

@+

Réponse 52 / 101

Roudoudou

Re,

Mauvaise nouvelle : j'ai bien fait comme indiqué pour le changement d'adresse tcp/ip. Mais après le redémarrage, l'adresse est toujours présente !

Sinon, j'ai exécuté le MSNFix. Le PC a encore redémarré. Puis, j'ai refait un hijackthis. Et voici le résultat !

@ plus
Roudoudou

*********************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:39, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\rnathchk.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\orange\player orange\Orange Player.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Canal\Canal Widget\Canal Widget.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdprs.exe] C:\WINDOWS\system32\kdprs.exe
O4 - HKLM\..\Run: [CPM73d43bbf] Rundll32.exe "c:\windows\system32\owsvmexm.dll",a
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [Allocine] "C:\Program Files\Allocine\Allocine.exe" /check
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [(dmserver) ] "C:\Program Files\Services en ligne\bin\nvwrszhc.exe" /set
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/it/Woo2/fr/20031030/Downloads/npwwg.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/FRM005/iNotes6.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - https://www.canalplus.com/canalplay/
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer = 85.255.114.21,85.255.112.134
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\Services en ligne\bin\nvwrszhc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Réponse 53 / 101

Utilisateur anonyme

Re,

● Télécharge OtmoveIt3 d'Old Timer Sur ton bureau.

● Double clique sur " OtmoveIt3.exe " pour le lancer.

● Copie/colle le texte suivant en gris dans la case de gauche " Paste Instructions for items to be moved "

Files:
c:\windows\system32\kdprs.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

:Commands
[reboot]

● Clique sur " MoveIt! "

● Copie tout ce qui est marqué dans la case de droite " Results "

● Colle tout sur le forum.

( Rapport situé ici aussi : C:\_OTMoveIt\MovedFiles )

ensuite redémarre le pc et refais un nouveau rapport hijackthis stp

Réponse 54 / 101

Roudoudou

Salut,

Bad news : je crains que cela soit un coup pour rien :-(

@+
Thierry

*******************************

Error: Unable to interpret <Files: > in the current context!
Error: Unable to interpret <c:\windows\system32\kdprs.exe > in the current context!
========== REGISTRY ==========
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11102008_203557

***********************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:42:32, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\WINDOWS\system32\tbctray.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canal\Canal Widget\Canal Widget.exe
C:\program files\orange\player orange\Orange Player.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdprs.exe] C:\WINDOWS\system32\kdprs.exe
O4 - HKLM\..\Run: [CPM73d43bbf] Rundll32.exe "c:\windows\system32\owsvmexm.dll",a
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PlayerKiosquePlus] C:\Program Files\Lecteur CANALPLAY\PlayerKiosquePlus.exe /iconic
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [Canal Widget] "C:\Program Files\Canal\Canal Widget\Launcher.exe"
O4 - HKLM\..\Run: [Allocine] "C:\Program Files\Allocine\Allocine.exe" /check
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OrangePlayer] c:\program files\orange\player orange\Orange Player.exe /systray
O4 - HKCU\..\Run: [(dmserver) ] "C:\Program Files\Services en ligne\bin\nvwrszhc.exe" /set
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canal-plus.com (HKLM)
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt0_x.cab
O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://images.goa.com/it/Woo2/fr/20031030/Downloads/npwwg.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://extraweb-emea.ey.com/home/extraweb/iNotes.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://extraweb-emea.ey.com/FRM005/iNotes6.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://tiragesphoto.fnac.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - https://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - https://www.canalplus.com/canalplay/
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EDA04AB-A48A-484B-9EEB-36065321313A}: NameServer = 85.255.114.21,85.255.112.134
O23 - Service: Apple Mobile Device - Unknown owner - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Logical Disk Manager (dmserver) - Unknown owner - C:\Program Files\Services en ligne\bin\nvwrszhc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Réponse 55 / 101

Utilisateur anonyme

Re,

Passe de nouveau smithfraudix STP.

merci.

Réponse 56 / 101

Utilisateur anonyme

Re,

-Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte

- Mets le à jour

---
- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's

Réponse 57 / 101

Roudoudou

Option 1, 2 ou 5 ?

Merci.

@+
Roudoudou

Réponse 58 / 101

Utilisateur anonyme

Re,

Passe malwarebyte et ensuite poste moi le rapport générer et après on avisera.

merci

Réponse 59 / 101

Roudoudou

Ok Chef Goldo.

A tout'
Roudoudou

Réponse 60 / 101

Roudoudou

Goldo,

de retour sur les ondes après le scan de MWMB (un peu long mais certainement efficace). Il a trouvé les "usual virus" (ils sont tenaces tout de même).

Ci-après le rapport.

@+
Roudoudou

****************************

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1380
Windows 5.1.2600 Service Pack 3

10/11/2008 22:42:51
mbam-log-2008-11-10 (22-42-51).txt

Type de recherche: Examen complet (A:\|C:\|)
Eléments examinés: 144730
Temps écoulé: 1 hour(s), 10 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 19

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\(dmserver) (Trojan.Agent.X) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm73d43bbf (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3eda04ab-a48a-484b-9eeb-36065321313a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.21,85.255.112.134 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3eda04ab-a48a-484b-9eeb-36065321313a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.21,85.255.112.134 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3eda04ab-a48a-484b-9eeb-36065321313a}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.21,85.255.112.134 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\SYSTEM32\512686 (Trojan.BHO) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1065\A0109183.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1067\A0111765.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1067\A0111767.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1067\A0111769.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1067\A0111774.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121799.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121802.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121825.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121832.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121838.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121839.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121841.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121842.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B424D3FD-F423-4451-A92D-CAFB5F4149AC}\RP1068\A0121843.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\TDSScfum.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\TDSSofxh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\TDSSmqlt.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.

Discussions similaires

Comment désactiver le mode sécurisé de la Freebox POP.

Accéder au mode sans échec asus

Refus Windows Mode ss échec / Virus Lab 2009

101 réponses

Votre réponse

Discussions similaires

Newsletters