126 replies
lacoquine
Posts
116
Registration date
Thursday 1 May 2008
Status
Member
Last activity
25 November 2008
20 Nov. 2008 at 16:21
It bugs even in safe mode
Anonymous user
20 Nov. 2008 at 16:29
Hi,
Try these two links. Above all, rename them:
right-click the combofix.exe file and choose Rename from the list.
Then, with Explorer, create a folder c:\combofix
Extract ComboFix into this folder.
This is important for the backups.
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/
https://forospyware.com
Otherwise, run this fix:
Download MSNFix to your desktop
* Save the file to your desktop.
* Do not double-click the file
* Right-click the file and choose Extract All; the aim is to end up with an MSNFix folder
* Double-click the MSNFix folder to open it
* Inside you will find a new folder as well as a file MSNFix.bat (the .bat may not be displayed on your system).
* Double-click MSNFix.bat
Cheers.
Anonymous user
20 Nov. 2008 at 16:31
try by:
going to the link, right-clicking, Properties, and copying/pasting the address into the address bar of a Mozilla Firefox page
lacoquine
20 Nov. 2008 at 16:46
Listen, you're kind enough to help me that I would never complain if you were a bit slow (which isn't the case, by the way!). MSNFix seems to be working; I've started the scan and I'm waiting :)
lacoquine
20 Nov. 2008 at 16:47
It tells me an infection is present... should I start the cleanup?
lacoquine
20 Nov. 2008 at 16:57
It tells me the system cannot find the file incl\msnRK.txt.
lacoquine
20 Nov. 2008 at 16:58
I just ran a scan with AntiVir; here is the result:
Avira AntiVir Personal
Report file date: 20 novembre 2008 10:29
Scanning for 1042450 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: SHAWINIG-C797DA
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 2008-10-30 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 15:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 14:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 19:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 14:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 01:04:51
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 01:04:54
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 2008-11-16 01:04:55
ANTIVIR3.VDF : 7.1.0.110 109568 Bytes 2008-11-19 01:04:56
Engineversion : 8.2.0.34
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 17:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-20 01:05:09
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-20 01:05:08
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-20 01:05:07
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-20 01:05:05
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-20 01:05:04
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-20 01:05:03
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-20 01:05:00
AEGEN.DLL : 8.1.1.4 319861 Bytes 2008-11-20 01:04:59
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 17:05:56
AECORE.DLL : 8.1.5.0 172407 Bytes 2008-11-20 01:04:58
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 17:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 15:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 16:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-20 01:04:57
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 18:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 19:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 19:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 20:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 20:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:, G:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 20 novembre 2008 10:29
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iesvcmon.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '53' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3LANW1MB\cd[1].htm
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\3LANW1MB\cd[1].htm
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was moved to '498082b9.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XMEFYEIY\nw32[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495882d5.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XMEFYEIY\nw32[2].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495882d9.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XMEFYEIY\nw32[3].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495882dd.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XMEFYEIY\nw32[4].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '495882e1.qua'!
C:\Documents and Settings\Marie-Claude\Bureau\SmitfraudFix.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.19 dropper
[NOTE] The file was moved to '498e82f3.qua'!
C:\Documents and Settings\Marie-Claude\Bureau\SDFix\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/ati6krxx.sys
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
--> backups/byyiflazkxbgq.exe
[DETECTION] Contains recognition pattern of the DR/Zlob.Gen dropper
--> backups/csrssc.exe
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
--> backups/dwwnw64r.exe
[DETECTION] Is the TR/Spy.Zeno.FI Trojan
--> backups/jsne87fidgf.dll
[DETECTION] Is the TR/Fakealert.HO Trojan
--> backups/pxlziathojtpmetk.exe
[DETECTION] Contains recognition pattern of the DR/Zlob.Gen dropper
--> backups/QdrDrive20.dll
[DETECTION] Is the TR/Click.Agent.can Trojan
--> backups/rs32net.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> backups/rzrncvfq.dll
[DETECTION] Is the TR/Fakealert.abz.6 Trojan
--> backups/VnrBlock21.exe
[DETECTION] Is the TR/Dldr.Agent.ante Trojan
--> backups/VnrPack20.exe
[DETECTION] Is the TR/Dldr.Agen.vn.343 Trojan
[NOTE] The file was moved to '498882f6.qua'!
C:\Documents and Settings\Marie-Claude\Bureau\SDFix\SDFix\backups\catchme.zip
[0] Archive type: ZIP
--> ATI6KRXX.sys
[DETECTION] Contains recognition pattern of the RKIT/Protector.BC root kit
--> TDSSoiqt.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
--> TDSSarxx.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
--> TDSSvkql.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
--> TDSScfmm.dll
[DETECTION] Is the TR/Agent.73728.7 Trojan
--> dwwnw64r.exe
[DETECTION] Is the TR/Spy.Zeno.FI Trojan
[NOTE] The file was moved to '499982fb.qua'!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4ARGPPLS\nw32[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49588354.qua'!
C:\Program Files\ppcbooster\ppcb_32.exe
[DETECTION] Is the TR/Dldr.LwAge.24576 Trojan
[NOTE] The file was moved to '4988860f.qua'!
C:\WINDOWS\c20232.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was moved to '4955868b.qua'!
C:\WINDOWS\DWrvg.exe
[0] Archive type: NSIS
--> ProgramFilesDir/QdrDrive20.dll
[DETECTION] Is the TR/Click.Agent.can Trojan
--> ProgramFilesDir/VnrPack20.exe
[DETECTION] Is the TR/Dldr.Agen.vn.343 Trojan
--> ProgramFilesDir/bs17.exe
[DETECTION] Contains recognition pattern of the DR/Click.Agent.bip dropper
[DETECTION] Contains recognition pattern of the DR/Agent.hgt dropper
[NOTE] The file was moved to '499786b4.qua'!
C:\WINDOWS\f4f.exe
[DETECTION] Is the TR/Agent.M.778 Trojan
[NOTE] The file was moved to '498b8696.qua'!
C:\WINDOWS\feoc827.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was moved to '499486ca.qua'!
C:\WINDOWS\gbg033414.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was moved to '498c86cb.qua'!
C:\WINDOWS\gncyq5.exe
[0] Archive type: NSIS
--> ProgramFilesDir/f4f.exe
[DETECTION] Is the TR/Agent.M.778 Trojan
[DETECTION] Contains recognition pattern of the DR/BHO.dwj dropper
[NOTE] The file was moved to '498886dc.qua'!
C:\WINDOWS\hw5305.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was moved to '495a86e8.qua'!
C:\WINDOWS\o255.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was moved to '495a86a8.qua'!
C:\WINDOWS\pn8.exe
[0] Archive type: NSIS
--> ProgramFilesDir/VnrBlock21.exe
[DETECTION] Is the TR/Dldr.Agent.ante Trojan
[DETECTION] Contains recognition pattern of the DR/Peed.579 dropper
[NOTE] The file was moved to '495d86e8.qua'!
C:\WINDOWS\vtj708346.exe
[0] Archive type: NSIS
--> ProgramFilesDir/ppcb_32.exe
[DETECTION] Is the TR/Dldr.LwAge.24576 Trojan
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.aopb dropper
[NOTE] The file was moved to '498f86f6.qua'!
C:\WINDOWS\wuan364443.exe
[DETECTION] Is the TR/Dldr.VB.iqv Trojan
[NOTE] The file was moved to '49868708.qua'!
C:\WINDOWS\system32\cmdl.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4989885c.qua'!
C:\WINDOWS\system32\g25.exe
[DETECTION] Contains recognition pattern of the DR/Click.Agent.bty dropper
[NOTE] The file was moved to '495a8830.qua'!
C:\WINDOWS\system32\ocntssdl.exe
[DETECTION] Is the TR/Agent.tzh Trojan
[NOTE] The file was moved to '4993887f.qua'!
C:\WINDOWS\system32\pfpmtdghda.dll
[DETECTION] Is the TR/BHO.czp Trojan
[NOTE] The file was moved to '49958888.qua'!
C:\WINDOWS\system32\rswnw64q.exe
[DETECTION] Is the TR/Spy.Zeno.FI Trojan
[NOTE] The file was moved to '499c889f.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89Q701EZ\cd[1].htm
[0] Archive type: HIDDEN
--> FIL\\\?\C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89Q701EZ\cd[1].htm
[DETECTION] Is the TR/Dldr.Suurch.GS Trojan
[NOTE] The file was moved to '498088ad.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89Q701EZ\cmdl[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498988bb.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'F:\' <internet>
Begin scan in 'G:\' <données>
End of the scan: 20 novembre 2008 10:56
Used time: 27:07 Minute(s)
The scan has been done completely.
4836 Scanning directories
192798 Files were scanned
49 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
28 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
192747 Files not concerned
1921 Archives were scanned
2 Warnings
28 Notes
lacoquine
20 Nov. 2008 at 17:19
ComboFix still won't load
lacoquine
20 Nov. 2008 at 17:23
OK, I think I'm going to take a break
we'll start again later, OK?
lacoquine
20 Nov. 2008 at 21:31
Here is the report
-------------- UsbFix V2.410 ---------------
* User : Marie-Claude - SHAWINIG-C797DA
* Outils mis a jours le 20/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:28:42 le 2008-11-20
* Windows Xp - Internet Explorer 7.0.5730.13
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\DOCUME~1\MARIE-~1\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\iesvcmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur de CD-ROM
F: - Lecteur fixe
G: - Lecteur fixe
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[2008-07-08 18:03][--a------] C:\AUTOEXEC.BAT
[2004-08-03 15:38][-rahs----] C:\NTDETECT.COM
[2008-07-08 19:14][---hs----] C:\boot.ini
[2008-11-20 14:32][--a------] C:\fixnavi.txt
[2008-11-20 14:32][--a------] C:\lopR.txt
[2008-11-20 14:32][--a------] C:\TB.txt
[2008-11-20 14:32][--a------] C:\UsbFix.txt
[2008-07-08 18:03][--a------] C:\CONFIG.SYS
[2008-07-08 18:03][--a------] C:\IO.SYS
[2008-07-08 18:03][--a------] C:\MSDOS.SYS
[2008-07-08 18:03][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur de CD-ROM
+- Listing des fichiers présents :
--------------- [ Lecteur F ] ----------------
F: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Lecteur G ] ----------------
G: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
iesvcmon="C:\WINDOWS\system32\iesvcmon.exe"
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13b059e6-4d4f-11dd-b47d-001921c84f11}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[2008-07-08 18:03][--a------] C:\AUTOEXEC.BAT
[2004-08-03 15:38][-rahs----] C:\NTDETECT.COM
[2008-07-08 19:14][---hs----] C:\boot.ini
--------------- ! Fin du rapport ! ----------------
lacoquine
20 Nov. 2008 at 21:32
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:34, on 2008-11-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\iesvcmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iesvcmon] "C:\WINDOWS\system32\iesvcmon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.cogeco.ca/fr/OLS3.3/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Anonymous user
20 Nov. 2008 at 21:40
Hi,
Go to this site
C:\WINDOWS\system32\iesvcmon.exe
Click "Browse", then look for the text in bold and post the resulting report.
Bye.