Sujet Précédent Sujet Suivant

Virus Trojan.Generic Impossible à SUPPRIMER

Fermé
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 - 28 nov. 2008 à 14:55
 Utilisateur anonyme - 6 déc. 2008 à 15:36
Bonjour, il y'a deux ou trois jours de ca j'ai du attraper cette connerie de trojan et depuit j'ai fait tout les scanner possibles et imaginable je n'arrive pas à m'en débarasser. J'espere trouver de l'aide ici !! Je vous post mon log Hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:53, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\devldr32.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.deezer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - C:\windows\system32\AdminLp.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SystemHelp] RUNDLL32.EXE C:\windows\system32\SystemHper.dll,Install
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE C:\windows\system32\AdminLp.dll,Install
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

Merci d'avance.

38 réponses

Précédent
  • 1
  • 2
Réponse 21 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
28 nov. 2008 à 17:58
J'ai fait ce que tu m'a dit de faire par contre : A la question: "Corriger le fichier infecté ?" répondre O (oui) et presser Entrée
pour remplacer le fichier corrompu. Il ne m'a pas demander ca il ma juste demander pour le registre voila le rapport :

SmitFraudFix v2.378

Rapport fait à 17:49:06,25, 28/11/2008
Executé à partir de C:\Documents and Settings\Michel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\Google\googletoolbar1.dll supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{832D7469-2A27-4A97-9D58-1EF86BE5E149}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{832D7469-2A27-4A97-9D58-1EF86BE5E149}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Utilisateur anonyme
28 nov. 2008 à 18:10
colle 1 nouveau scan hijack stp....
a+
0
Réponse 22 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
28 nov. 2008 à 18:11
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:11:31, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\windows\system32\devldr32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - C:\windows\system32\AdminLp.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SystemHelp] RUNDLL32.EXE C:\windows\system32\SystemHper.dll,Install
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE C:\windows\system32\AdminLp.dll,Install
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Utilisateur anonyme
28 nov. 2008 à 18:21
toujours la.....

fais ceci

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

a+
0
Réponse 23 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
28 nov. 2008 à 18:35
Pc Tools m'a detecté un trojan je l'ai bloqué apres j'ai fait le scann voila le rapport :

ComboFix 08-11-27.07 - Michel 2008-11-28 18:25:33.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.521 [GMT 1:00]
Lancé depuis: c:\documents and settings\Michel\Bureau\FIX\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-28 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 16:43 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-28 16:43 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-28 16:43 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-28 16:43 . 2008-05-18 20:40 82,944 --a------ c:\windows\system32\IEDFix.exe
2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-28 16:43 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-28 16:43 . 2003-06-05 20:13 53,248 --a------ c:\windows\system32\Process.exe
2008-11-28 16:43 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-28 16:43 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-28 16:43 . 2008-11-28 17:49 1,220 --a------ c:\windows\system32\tmp.reg
2008-11-27 15:57 . 2008-11-27 15:57 <REP> d-------- c:\program files\Trend Micro
2008-11-27 14:19 . 2008-11-27 14:19 <REP> d-------- c:\program files\Enigma Software Group
2008-11-27 13:40 . 2008-11-27 13:40 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-27 12:49 . 2008-11-27 12:49 61,440 --a------ c:\windows\system32\AdminLp.dll
2008-11-27 08:09 . 2008-11-27 16:07 <REP> d-------- c:\program files\a-squared Free
2008-11-27 07:55 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2008-11-27 07:55 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\system32\118290.54
2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\118294.78
2008-11-27 07:55 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-11-27 07:49 . 2008-11-28 18:23 <REP> d-------- c:\program files\Spyware Doctor
2008-11-27 07:49 . 2008-11-27 07:49 <REP> d-------- c:\documents and settings\Michel\Application Data\PC Tools
2008-11-27 07:49 . 2008-11-28 18:17 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 07:49 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-27 07:49 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-27 07:49 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-27 07:49 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-27 03:20 . 2008-11-27 03:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 02:58 . 2008-11-27 16:41 <REP> d-------- c:\windows\BDOSCAN8
2008-11-27 02:42 . 2008-11-27 02:42 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-27 02:40 . 2008-11-27 02:41 <REP> d-------- c:\windows\ERUNT
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-11-27 02:40 . 2008-05-02 14:49 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-11-27 02:40 . 2008-05-02 15:44 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-11-27 02:40 . 2008-11-27 02:42 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-11-27 02:40 . 2008-11-27 02:40 <REP> d-------- c:\documents and settings\Administrateur
2008-11-27 02:36 . 2008-11-28 16:08 <REP> d-------- C:\SDFix
2008-11-26 22:55 . 2008-11-27 23:35 <REP> d-------- c:\documents and settings\Michel\.housecall6.6
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- c:\documents and settings\Michel\Application Data\Malwarebytes
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 13:48 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 13:48 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 20:59 . 2008-11-23 20:59 65,536 --a------ c:\windows\system32\SystemHper.dll
2008-11-21 01:57 . 2008-11-21 04:12 <REP> d-------- c:\program files\WowCartographe
2008-11-16 13:09 . 2008-11-16 13:09 <REP> d-------- c:\documents and settings\Michel\Application Data\FaxCtr
2008-11-15 23:58 . 2008-11-16 00:00 <REP> d-------- c:\documents and settings\All Users\Lx_cats
2008-11-15 23:56 . 2008-02-19 05:14 360,448 --a------ c:\windows\system32\lxdxcoin.dll
2008-11-15 23:56 . 2008-02-06 11:24 64,737 --a------ c:\windows\system32\lxdxprpr.chm
2008-11-15 23:56 . 2008-02-28 01:15 40,960 --a------ c:\windows\system32\lxdxvs.dll
2008-11-15 23:55 . 2008-02-28 01:11 782,336 --a------ c:\windows\system32\lxdxdrs.dll
2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-15 23:55 . 2008-02-28 01:11 81,920 --a------ c:\windows\system32\lxdxcaps.dll
2008-11-15 23:55 . 2008-02-28 01:02 69,632 --a------ c:\windows\system32\lxdxcnv4.dll
2008-11-15 23:54 . 2008-11-15 23:54 <REP> d-------- c:\documents and settings\All Users\Application Data\FaxCtr
2008-11-15 23:54 . 2008-03-20 06:18 339,968 --a------ c:\windows\system32\IMGMAN32.DLL
2008-11-15 23:54 . 2008-03-20 06:18 98,345 --a------ c:\windows\system32\IMHOST32.DLL
2008-11-15 23:54 . 2008-03-20 06:18 98,304 --a------ c:\windows\system32\IM31XPNG.DEL
2008-11-15 23:54 . 2008-03-20 06:18 69,632 --a------ c:\windows\system32\IM31XTIF.DEL
2008-11-15 23:54 . 2008-03-20 06:19 53,248 --a------ c:\windows\system32\lxf3oem.dll
2008-11-15 23:54 . 2008-03-20 06:18 49,152 --a------ c:\windows\system32\IM31IMG.DIL
2008-11-15 23:54 . 2008-01-10 16:17 45,056 --a------ c:\windows\system32\LXF3PMON.DLL
2008-11-15 23:54 . 2008-03-20 06:18 32,768 --a------ c:\windows\system32\LXF3FXPU.DLL
2008-11-15 23:54 . 2008-03-20 06:19 12,288 --a------ c:\windows\system32\LXF3PMRC.DLL
2008-11-15 23:53 . 2008-11-15 23:55 <REP> d-------- c:\program files\Lexmark Fax Solutions
2008-11-15 23:50 . 2008-11-23 16:45 <REP> d-------- c:\program files\Lexmark Toolbar
2008-11-15 23:50 . 2008-02-19 17:31 102,400 --a------ c:\windows\system32\lxdxwupd.dll
2008-11-15 23:50 . 2008-02-28 01:48 17,064 --a------ c:\windows\system32\lxdxwupd.exe
2008-11-15 23:50 . 2006-12-06 18:19 44 --a------ c:\windows\system32\lxdxrwrd.ini
2008-11-15 23:49 . 2008-11-15 23:58 <REP> d-------- c:\program files\Lexmark 3600-4600 Series
2008-11-13 17:26 . 2008-11-13 17:26 <REP> d--h----- C:\BJPrinter
2008-11-13 14:49 . 2008-11-13 14:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-13 12:49 . 2008-11-27 14:52 <REP> d-------- c:\documents and settings\All Users\Bureau
2008-11-12 12:36 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 12:36 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 18:02 . 2008-11-10 18:02 <REP> d-------- c:\program files\SplitCam
2008-11-10 18:02 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2008-11-10 18:02 . 2008-11-10 18:02 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-10 17:48 . 2008-11-10 17:56 <REP> d-------- c:\program files\CamStudio
2008-11-07 14:31 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-11-07 14:29 . 2008-11-07 14:29 <REP> d-------- c:\windows\Logs
2008-11-04 01:18 . 2008-11-04 01:19 <REP> d-------- c:\program files\Teamspeak2_RC2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-28 16:55 --------- d-----w c:\program files\Wanadoo
2008-11-28 16:49 --------- d-----w c:\program files\Google
2008-11-27 22:48 --------- d-----w c:\program files\World of Warcraft
2008-11-27 13:49 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-27 06:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 01:51 --------- d-----w c:\program files\Vuze
2008-11-24 01:51 --------- d-----w c:\documents and settings\Michel\Application Data\Azureus
2008-11-13 14:23 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-13 11:48 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-13 11:43 --------- d-----w c:\program files\UPS Widget
2008-11-13 11:42 --------- d-----w c:\program files\PokerStars
2008-11-13 01:34 --------- d-----w c:\documents and settings\Michel\Application Data\Skype
2008-11-11 02:43 --------- d-----w c:\documents and settings\Michel\Application Data\teamspeak2
2008-11-09 00:40 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 14:15 --------- d-----w c:\program files\Windows Live
2008-10-20 14:13 --------- d-----w c:\program files\Microsoft
2008-10-20 14:09 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-05 14:52 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
2008-10-05 14:50 --------- d-----w c:\program files\INFORAD
2008-10-05 14:48 --------- d-----w c:\documents and settings\Michel\Application Data\dvdcss
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-02 17:52 256 ----a-w c:\documents and settings\Michel\pool.bin
2008-05-02 14:17 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-11-25_13.54.06,43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-27 01:58:59 45,056 ----a-w c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-11-27 01:58:59 10,240 ----a-w c:\windows\BDOSCAN8\avxs.dll
+ 2008-11-27 01:59:00 27,136 ----a-w c:\windows\BDOSCAN8\avxt.dll
+ 2008-11-27 01:59:01 102,400 ----a-w c:\windows\BDOSCAN8\bdcore.dll
+ 2006-05-25 00:21:00 118,784 ----a-w c:\windows\BDOSCAN8\bdupd.dll
+ 2006-05-25 00:21:14 53,248 ----a-w c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-11-27 01:59:02 142,848 ----a-w c:\windows\BDOSCAN8\libfn.dll
+ 2008-11-27 01:59:00 86,016 ----a-w c:\windows\BDOSCAN8\librtvr.dll
+ 2006-05-25 00:22:06 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2006-05-25 00:21:00 118,784 ----a-w c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
+ 2008-10-04 19:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-05-02 13:22:56 385,536 ----a-w c:\windows\Downloaded Program Files\Housecall_ActiveX.dll
+ 2006-05-25 00:21:14 53,248 ----a-w c:\windows\Downloaded Program Files\ipsupd.dll
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-11-28 14:57:56 4,255,744 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-11-28 14:57:56 159,744 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-11-27 01:41:01 385,024 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-11-27 01:41:01 8,192 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
- 2008-05-02 15:13:59 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-11-27 15:42:39 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
- 2008-10-26 11:26:04 67,820 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-27 06:51:14 67,820 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-26 11:26:04 81,094 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-27 06:51:14 81,094 ----a-w c:\windows\system32\perfc00C.dat
- 2008-10-26 11:26:04 433,116 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-27 06:51:14 433,116 ----a-w c:\windows\system32\perfh009.dat
- 2008-10-26 11:26:04 501,172 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-27 06:51:14 501,172 ----a-w c:\windows\system32\perfh00C.dat
+ 2006-01-09 08:36:06 40,960 ----a-w c:\windows\system32\swsc.exe
- 2008-11-25 12:34:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_458.dat
+ 2008-11-28 16:54:43 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_458.dat
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168]
"SystemHelp"="c:\windows\system32\SystemHper.dll" [2008-11-23 65536]
"WindowAdmin"="c:\windows\system32\AdminLp.dll" [2008-11-27 61440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2059:UDP"= 2059:UDP:Windows Media Format SDK (iexplore.exe)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-02 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-19 20560]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-20 56344]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service []
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-11-15 98984]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe


.
------- Examen supplémentaire -------
.

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
c:\windows\Downloaded Program Files\live.ini
c:\windows\Downloaded Program Files\scanoptions.tsi
c:\windows\Downloaded Program Files\lang.ini
c:\windows\Downloaded Program Files\ipsupd.dll
c:\windows\Downloaded Program Files\bdupd.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\oscan8.ocx
O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
c:\windows\Downloaded Program Files\oscan8.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-28 18:30:13
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-28 18:31:49
ComboFix-quarantined-files.txt 2008-11-28 17:31:45
ComboFix2.txt 2008-11-26 13:14:06
ComboFix3.txt 2008-11-25 12:54:40

Avant-CF: 36 376 788 992 octets libres
Après-CF: 36,564,873,216 octets libres

278 --- E O F --- 2008-11-12 12:23:55
0
Utilisateur anonyme
28 nov. 2008 à 18:41
scan hijack stp?
a+
0
Réponse 24 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
28 nov. 2008 à 18:43
PC Tools m'a detecté un trojan generic dans le registre HKEY_USER nommé : Wget.
Rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:58, on 28/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\a-squared Free\a2service.exe
C:\windows\system32\devldr32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\windows\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SystemHelp] RUNDLL32.EXE C:\windows\system32\SystemHper.dll,Install
O4 - HKLM\..\Run: [WindowAdmin] RUNDLL32.EXE C:\windows\system32\AdminLp.dll,Install
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Utilisateur anonyme
28 nov. 2008 à 19:00
GRRRRRRR!!!!!!!

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
a+
0
Utilisateur anonyme > Utilisateur anonyme
28 nov. 2008 à 19:08
Bonsoir,
Au lieu de passer ce fix (pourquoi d'ailleurs? ) pourquoi ne pas faire de CFScript .. ?

++


EDIT : krys95580, je ne m'adresse pas à toi ;)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
28 nov. 2008 à 19:07
-----------\\ ToolBar S&D 1.2.5 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Michel ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081128-0] 4.8.1290 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:63 Go (Free:34 Go)
D:\ (Local Disk) - NTFS - Total:48 Go (Free:20 Go)
E:\ (Local Disk) - NTFS - Total:152 Go (Free:119 Go)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 28/11/2008|19:06 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 28/11/2008|19:07 - Option : [1]

-----------\\ Fin du rapport a 19:07:45,96
0
Réponse 26 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
28 nov. 2008 à 19:11
Desolé mais je comprends pas ce que tu me dit en parlant de CFscript....
0
Réponse 27 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
28 nov. 2008 à 19:25
J'ai relancer mon jeu et il me dit que le trojan est toujours la.... Je comprends pas trop ce que je dois faire à présent.
0
Utilisateur anonyme
28 nov. 2008 à 20:16
suivant les conseils de C-XX et sous son controle (merci a lui)
fais ceci:
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

File::
c:\windows\system32\AdminLp.dll
c:\windows\system32\SystemHper.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemHelp"=-
"WindowAdmin"=-

---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
https://searchengines.pl/

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
0
Réponse 28 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
29 nov. 2008 à 01:12
Voila le rapport :

ComboFix 08-11-28.02 - Michel 2008-11-29 1:00:07.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.406 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\Michel\Bureau\FIX\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Michel\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
c:\windows\system32\AdminLp.dll
c:\windows\system32\SystemHper.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AdminLp.dll
c:\windows\system32\SystemHper.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 19:05 . 2008-11-28 19:07 <REP> d-------- C:\ToolBar SD
2008-11-28 16:43 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-11-28 16:43 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-11-28 16:43 . 2008-10-01 14:51 87,552 --a------ C:\WINDOWS\system32\VACFix.exe
2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\o4Patch.exe
2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-11-28 16:43 . 2008-08-18 11:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-11-28 16:43 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-11-28 16:43 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-11-28 16:43 . 2008-11-28 17:49 1,220 --a------ C:\WINDOWS\system32\tmp.reg
2008-11-27 15:57 . 2008-11-27 15:57 <REP> d-------- C:\Program Files\Trend Micro
2008-11-27 14:19 . 2008-11-27 14:19 <REP> d-------- C:\Program Files\Enigma Software Group
2008-11-27 13:40 . 2008-11-27 13:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-11-27 08:09 . 2008-11-27 16:07 <REP> d-------- C:\Program Files\a-squared Free
2008-11-27 07:55 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2008-11-27 07:55 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ C:\WINDOWS\system32\118290.54
2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ C:\WINDOWS\118294.78
2008-11-27 07:55 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2008-11-27 07:49 . 2008-11-28 18:23 <REP> d-------- C:\Program Files\Spyware Doctor
2008-11-27 07:49 . 2008-11-27 07:49 <REP> d-------- C:\Documents and Settings\Michel\Application Data\PC Tools
2008-11-27 07:49 . 2008-11-29 01:06 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-27 07:49 . 2008-08-25 12:36 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-11-27 07:49 . 2008-08-25 12:36 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-11-27 07:49 . 2008-08-25 12:36 40,840 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-11-27 07:49 . 2008-06-02 16:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-11-27 03:20 . 2008-11-27 03:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 02:58 . 2008-11-27 16:41 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-11-27 02:42 . 2008-11-27 02:42 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-11-27 02:40 . 2008-11-27 02:41 <REP> d-------- C:\WINDOWS\ERUNT
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-11-27 02:40 . 2008-05-02 14:49 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-11-27 02:40 . 2008-05-02 15:44 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-11-27 02:40 . 2008-11-27 02:42 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-11-27 02:40 . 2008-11-27 02:40 <REP> d-------- C:\Documents and Settings\Administrateur
2008-11-27 02:36 . 2008-11-28 16:08 <REP> d-------- C:\SDFix
2008-11-26 22:55 . 2008-11-27 23:35 <REP> d-------- C:\Documents and Settings\Michel\.housecall6.6
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- C:\Documents and Settings\Michel\Application Data\Malwarebytes
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-25 13:48 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-11-25 13:48 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-11-21 01:57 . 2008-11-21 04:12 <REP> d-------- C:\Program Files\WowCartographe
2008-11-16 13:09 . 2008-11-16 13:09 <REP> d-------- C:\Documents and Settings\Michel\Application Data\FaxCtr
2008-11-15 23:58 . 2008-11-16 00:00 <REP> d-------- C:\Documents and Settings\All Users\Lx_cats
2008-11-15 23:56 . 2008-02-19 05:14 360,448 --a------ C:\WINDOWS\system32\lxdxcoin.dll
2008-11-15 23:56 . 2008-02-06 11:24 64,737 --a------ C:\WINDOWS\system32\lxdxprpr.chm
2008-11-15 23:56 . 2008-02-28 01:15 40,960 --a------ C:\WINDOWS\system32\lxdxvs.dll
2008-11-15 23:55 . 2008-02-28 01:11 782,336 --a------ C:\WINDOWS\system32\lxdxdrs.dll
2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-11-15 23:55 . 2008-02-28 01:11 81,920 --a------ C:\WINDOWS\system32\lxdxcaps.dll
2008-11-15 23:55 . 2008-02-28 01:02 69,632 --a------ C:\WINDOWS\system32\lxdxcnv4.dll
2008-11-15 23:54 . 2008-11-15 23:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-11-15 23:54 . 2008-03-20 06:18 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-11-15 23:54 . 2008-03-20 06:18 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-11-15 23:54 . 2008-03-20 06:18 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-11-15 23:54 . 2008-03-20 06:18 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-11-15 23:54 . 2008-03-20 06:19 53,248 --a------ C:\WINDOWS\system32\lxf3oem.dll
2008-11-15 23:54 . 2008-03-20 06:18 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-11-15 23:54 . 2008-01-10 16:17 45,056 --a------ C:\WINDOWS\system32\LXF3PMON.DLL
2008-11-15 23:54 . 2008-03-20 06:18 32,768 --a------ C:\WINDOWS\system32\LXF3FXPU.DLL
2008-11-15 23:54 . 2008-03-20 06:19 12,288 --a------ C:\WINDOWS\system32\LXF3PMRC.DLL
2008-11-15 23:53 . 2008-11-15 23:55 <REP> d-------- C:\Program Files\Lexmark Fax Solutions
2008-11-15 23:50 . 2008-11-23 16:45 <REP> d-------- C:\Program Files\Lexmark Toolbar
2008-11-15 23:50 . 2008-02-19 17:31 102,400 --a------ C:\WINDOWS\system32\lxdxwupd.dll
2008-11-15 23:50 . 2008-02-28 01:48 17,064 --a------ C:\WINDOWS\system32\lxdxwupd.exe
2008-11-15 23:50 . 2006-12-06 18:19 44 --a------ C:\WINDOWS\system32\lxdxrwrd.ini
2008-11-15 23:49 . 2008-11-15 23:58 <REP> d-------- C:\Program Files\Lexmark 3600-4600 Series
2008-11-13 17:26 . 2008-11-13 17:26 <REP> d--h----- C:\BJPrinter
2008-11-13 14:49 . 2008-11-13 14:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-13 12:49 . 2008-11-27 14:52 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-11-12 12:36 . 2008-09-04 18:16 1,106,944 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-11-12 12:36 . 2008-10-24 12:21 455,296 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-11-10 18:02 . 2008-11-10 18:02 <REP> d-------- C:\Program Files\SplitCam
2008-11-10 18:02 . 2003-05-14 21:07 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-11-10 18:02 . 2008-11-10 18:02 13,824 --a------ C:\WINDOWS\system32\drivers\splitcam.sys
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-11-10 17:48 . 2008-11-10 17:56 <REP> d-------- C:\Program Files\CamStudio
2008-11-07 14:31 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-11-07 14:29 . 2008-11-07 14:29 <REP> d-------- C:\WINDOWS\Logs
2008-11-04 01:18 . 2008-11-04 01:19 <REP> d-------- C:\Program Files\Teamspeak2_RC2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 00:06 --------- d-----w C:\Program Files\Wanadoo
2008-11-28 16:49 --------- d-----w C:\Program Files\Google
2008-11-27 22:48 --------- d-----w C:\Program Files\World of Warcraft
2008-11-27 13:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-11-27 06:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-24 01:51 --------- d-----w C:\Program Files\Vuze
2008-11-24 01:51 --------- d-----w C:\Documents and Settings\Michel\Application Data\Azureus
2008-11-13 14:23 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2008-11-13 11:48 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-11-13 11:43 --------- d-----w C:\Program Files\UPS Widget
2008-11-13 11:42 --------- d-----w C:\Program Files\PokerStars
2008-11-13 01:34 --------- d-----w C:\Documents and Settings\Michel\Application Data\Skype
2008-11-11 02:43 --------- d-----w C:\Documents and Settings\Michel\Application Data\teamspeak2
2008-11-09 00:40 5,632 ----a-w C:\windows\system32\drivers\StarOpen.sys
2008-10-24 11:21 455,296 ----a-w C:\windows\system32\drivers\mrxsmb.sys
2008-10-20 14:15 --------- d-----w C:\Program Files\Windows Live
2008-10-20 14:13 --------- d-----w C:\Program Files\Microsoft
2008-10-20 14:09 --------- d-----w C:\Program Files\Fichiers communs\Windows Live
2008-10-05 14:52 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-10-05 14:50 --------- d-----w C:\Program Files\INFORAD
2008-10-05 14:48 --------- d-----w C:\Documents and Settings\Michel\Application Data\dvdcss
2008-09-05 14:04 288,768 ----a-w C:\windows\WLXPGSS.SCR
2008-09-02 17:52 256 ----a-w C:\Documents and Settings\Michel\pool.bin
2008-05-02 14:17 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2001-11-23 04:08 712,704 ----a-w C:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot_2008-11-28_18.30.53,60 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-28 16:54:43 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_458.dat
+ 2008-11-29 00:05:46 16,384 ----atw C:\windows\Temp\Perflib_Perfdata_458.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 23:02 3513344]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 21:45 1211176]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 03:34 1695232]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2008-04-14 03:33 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 18:39 81000]
"lxdxmon.exe"="C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 07:25 668328]
"lxdxamon"="C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 07:25 16040]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 07:22 320168]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-08-25 12:36 1168264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 03:33 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 C:\PROGRA~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\WINDOWS\\system32\\lxdxcoms.exe"=
"C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"C:\\WINDOWS\\system32\\lxdxcfg.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2059:UDP"= 2059:UDP:Windows Media Format SDK (iexplore.exe)

R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys [2008-05-02 16:17:07 110160]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-19 08:25:40 20560]
R2 fssfltr;FssFltr;C:\windows\system32\DRIVERS\fssfltr.sys [2008-10-20 15:15:29 56344]
R2 lxdx_device;lxdx_device;C:\windows\system32\lxdxcoms.exe -service []
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-11-15 23:56:09 98984]
S3 fsssvc;Windows Live Contrôle parental;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 21:03:04 512536]
.
Contenu du dossier 'Tâches planifiées'

2008-11-28 C:\windows\Tasks\User_Feed_Synchronization-{ABD7D069-DDF8-4EF7-ADC9-068A0A5E026A}.job
- C:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
0
Utilisateur anonyme
29 nov. 2008 à 11:25
scan hijack pour voir stp

a+
0
Réponse 29 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
29 nov. 2008 à 13:12
Bon j'ai relancer le jeu il ne me dit plus qu'il y'a de virus donc je pense etre desinfecté voila le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11, on 2008-11-29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\windows\system32\devldr32.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
0
Utilisateur anonyme
29 nov. 2008 à 13:31
analyse ces deux fichiers sur virustotal stp

https://www.virustotal.com/gui/

c:\windows\system32\118290.54

c:\windows\118294.78

a+
0
Réponse 30 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
29 nov. 2008 à 13:42
Voila les résultats que tu m'a demander :

Fichier 118290.54 :

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.28.2 2008.11.28 -
AntiVir 7.9.0.36 2008.11.28 -
Authentium 5.1.0.4 2008.11.28 -
Avast 4.8.1281.0 2008.11.28 -
AVG 8.0.0.199 2008.11.29 -
BitDefender 7.2 2008.11.29 -
CAT-QuickHeal 10.00 2008.11.29 -
ClamAV 0.94.1 2008.11.29 -
DrWeb 4.44.0.09170 2008.11.29 -
eSafe 7.0.17.0 2008.11.27 -
eTrust-Vet 31.6.6234 2008.11.28 -
Ewido 4.0 2008.11.29 -
F-Prot 4.4.4.56 2008.11.28 -
Fortinet 3.117.0.0 2008.11.29 -
GData 19 2008.11.29 -
Ikarus T3.1.1.45.0 2008.11.29 -
K7AntiVirus 7.10.538 2008.11.29 -
Kaspersky 7.0.0.125 2008.11.29 -
McAfee 5448 2008.11.28 -
McAfee+Artemis 5448 2008.11.28 -
Microsoft 1.4104 2008.11.29 -
NOD32 3650 2008.11.28 -
Panda 9.0.0.4 2008.11.29 -
PCTools 4.4.2.0 2008.11.28 -
Rising 21.05.52.00 2008.11.29 -
SecureWeb-Gateway 6.7.6 2008.11.28 -
Sophos 4.36.0 2008.11.29 -
Sunbelt 3.1.1832.2 2008.11.27 -
Symantec 10 2008.11.29 -
TheHacker 6.3.1.1.166 2008.11.28 -
TrendMicro 8.700.0.1004 2008.11.28 -
VBA32 3.12.8.9 2008.11.28 -
ViRobot 2008.11.29.1492 2008.11.29 -
VirusBuster 4.5.11.0 2008.11.28 -
0
Réponse 31 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
29 nov. 2008 à 13:44
En ce qui concerne le deuxieme fichier : 118294.78 quand je demande l'analyse sur le site il me dit :

Le fichier a déjà été analysé:
MD5: 5b09779926a8aca46f9cafa14b2a9093
First received: -
Date 2008.11.29 13:41:41 (CET) [<1D]
Résultats 0/34
Permalink: analisis/082b7f2e68d5a26fe0843eaa36b7a305
0
Utilisateur anonyme
29 nov. 2008 à 18:33
fais ceci:
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :

File:
c:\windows\system32\118290.54
c:\windows\118294.78


Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemHelp"=-
"WindowAdmin"=-

---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
https://searchengines.pl/

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix\Combofix.txt
0
Réponse 32 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
29 nov. 2008 à 21:01
Et voila le rapport :

ComboFix 08-11-29.02 - Michel 2008-11-29 20:53:42.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.633 [GMT 1:00]
Lancé depuis: c:\documents and settings\Michel\Bureau\FIX\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Michel\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\AdminLp.dll
c:\windows\system32\SystemHper.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-28 au 2008-11-29 ))))))))))))))))))))))))))))))))))))
.

2008-11-28 19:05 . 2008-11-28 19:07 <REP> d-------- C:\ToolBar SD
2008-11-28 16:43 . 2007-09-05 23:22 289,144 --a------ c:\windows\system32\VCCLSID.exe
2008-11-28 16:43 . 2006-04-27 16:49 288,417 --a------ c:\windows\system32\SrchSTS.exe
2008-11-28 16:43 . 2008-10-01 14:51 87,552 --a------ c:\windows\system32\VACFix.exe
2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\o4Patch.exe
2008-11-28 16:43 . 2008-10-10 07:58 82,944 --a------ c:\windows\system32\IEDFix.C.exe
2008-11-28 16:43 . 2008-08-18 11:19 82,432 --a------ c:\windows\system32\404Fix.exe
2008-11-28 16:43 . 2004-07-31 17:50 51,200 --a------ c:\windows\system32\dumphive.exe
2008-11-28 16:43 . 2007-10-03 23:36 25,600 --a------ c:\windows\system32\WS2Fix.exe
2008-11-28 16:43 . 2008-11-28 17:49 1,220 --a------ c:\windows\system32\tmp.reg
2008-11-27 15:57 . 2008-11-27 15:57 <REP> d-------- c:\program files\Trend Micro
2008-11-27 14:19 . 2008-11-27 14:19 <REP> d-------- c:\program files\Enigma Software Group
2008-11-27 13:40 . 2008-11-27 13:40 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-27 08:09 . 2008-11-27 16:07 <REP> d-------- c:\program files\a-squared Free
2008-11-27 07:55 . 1996-08-20 20:37 15,840 --a------ c:\windows\system32\Machnm1.exe
2008-11-27 07:55 . 2005-09-25 16:37 5,632 --a------ c:\windows\system32\Machnm64.sys
2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\system32\118290.54
2008-11-27 07:55 . 2008-11-27 07:55 3,120 --a------ c:\windows\118294.78
2008-11-27 07:55 . 2003-08-13 00:27 2,304 --a------ c:\windows\system32\Machnm32.sys
2008-11-27 07:49 . 2008-11-28 18:23 <REP> d-------- c:\program files\Spyware Doctor
2008-11-27 07:49 . 2008-11-27 07:49 <REP> d-------- c:\documents and settings\Michel\Application Data\PC Tools
2008-11-27 07:49 . 2008-11-29 20:50 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-27 07:49 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-27 07:49 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-27 07:49 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-27 07:49 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-27 03:20 . 2008-11-27 03:39 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-27 02:58 . 2008-11-27 16:41 <REP> d-------- c:\windows\BDOSCAN8
2008-11-27 02:42 . 2008-11-27 02:42 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-27 02:40 . 2008-11-27 02:41 <REP> d-------- c:\windows\ERUNT
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2008-11-27 02:40 . 2008-05-02 14:49 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d-------- c:\documents and settings\Administrateur\Mes documents
2008-11-27 02:40 . 2008-05-02 15:44 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2008-11-27 02:40 . 2008-05-02 15:44 <REP> d-------- c:\documents and settings\Administrateur\Favoris
2008-11-27 02:40 . 2008-11-27 02:42 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2008-11-27 02:40 . 2008-11-27 02:40 <REP> d-------- c:\documents and settings\Administrateur
2008-11-27 02:36 . 2008-11-28 16:08 <REP> d-------- C:\SDFix
2008-11-26 22:55 . 2008-11-27 23:35 <REP> d-------- c:\documents and settings\Michel\.housecall6.6
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- c:\documents and settings\Michel\Application Data\Malwarebytes
2008-11-25 13:48 . 2008-11-25 13:48 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 13:48 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 13:48 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 01:57 . 2008-11-21 04:12 <REP> d-------- c:\program files\WowCartographe
2008-11-16 13:09 . 2008-11-16 13:09 <REP> d-------- c:\documents and settings\Michel\Application Data\FaxCtr
2008-11-15 23:58 . 2008-11-16 00:00 <REP> d-------- c:\documents and settings\All Users\Lx_cats
2008-11-15 23:56 . 2008-02-19 05:14 360,448 --a------ c:\windows\system32\lxdxcoin.dll
2008-11-15 23:56 . 2008-02-06 11:24 64,737 --a------ c:\windows\system32\lxdxprpr.chm
2008-11-15 23:56 . 2008-02-28 01:15 40,960 --a------ c:\windows\system32\lxdxvs.dll
2008-11-15 23:55 . 2008-02-28 01:11 782,336 --a------ c:\windows\system32\lxdxdrs.dll
2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-15 23:55 . 2001-08-23 17:47 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-15 23:55 . 2008-02-28 01:11 81,920 --a------ c:\windows\system32\lxdxcaps.dll
2008-11-15 23:55 . 2008-02-28 01:02 69,632 --a------ c:\windows\system32\lxdxcnv4.dll
2008-11-15 23:54 . 2008-11-15 23:54 <REP> d-------- c:\documents and settings\All Users\Application Data\FaxCtr
2008-11-15 23:54 . 2008-03-20 06:18 339,968 --a------ c:\windows\system32\IMGMAN32.DLL
2008-11-15 23:54 . 2008-03-20 06:18 98,345 --a------ c:\windows\system32\IMHOST32.DLL
2008-11-15 23:54 . 2008-03-20 06:18 98,304 --a------ c:\windows\system32\IM31XPNG.DEL
2008-11-15 23:54 . 2008-03-20 06:18 69,632 --a------ c:\windows\system32\IM31XTIF.DEL
2008-11-15 23:54 . 2008-03-20 06:19 53,248 --a------ c:\windows\system32\lxf3oem.dll
2008-11-15 23:54 . 2008-03-20 06:18 49,152 --a------ c:\windows\system32\IM31IMG.DIL
2008-11-15 23:54 . 2008-01-10 16:17 45,056 --a------ c:\windows\system32\LXF3PMON.DLL
2008-11-15 23:54 . 2008-03-20 06:18 32,768 --a------ c:\windows\system32\LXF3FXPU.DLL
2008-11-15 23:54 . 2008-03-20 06:19 12,288 --a------ c:\windows\system32\LXF3PMRC.DLL
2008-11-15 23:53 . 2008-11-15 23:55 <REP> d-------- c:\program files\Lexmark Fax Solutions
2008-11-15 23:50 . 2008-11-23 16:45 <REP> d-------- c:\program files\Lexmark Toolbar
2008-11-15 23:50 . 2008-02-19 17:31 102,400 --a------ c:\windows\system32\lxdxwupd.dll
2008-11-15 23:50 . 2008-02-28 01:48 17,064 --a------ c:\windows\system32\lxdxwupd.exe
2008-11-15 23:50 . 2006-12-06 18:19 44 --a------ c:\windows\system32\lxdxrwrd.ini
2008-11-15 23:49 . 2008-11-15 23:58 <REP> d-------- c:\program files\Lexmark 3600-4600 Series
2008-11-13 17:26 . 2008-11-13 17:26 <REP> d--h----- C:\BJPrinter
2008-11-13 14:49 . 2008-11-13 14:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-11-13 12:49 . 2008-11-27 14:52 <REP> d-------- c:\documents and settings\All Users\Bureau
2008-11-12 12:36 . 2008-09-04 18:16 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 12:36 . 2008-10-24 12:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-10 18:02 . 2008-11-10 18:02 <REP> d-------- c:\program files\SplitCam
2008-11-10 18:02 . 2003-05-14 21:07 389,120 --a------ c:\windows\system32\actskn43.ocx
2008-11-10 18:02 . 2008-11-10 18:02 13,824 --a------ c:\windows\system32\drivers\splitcam.sys
2008-11-10 18:00 . 2008-11-10 18:00 <REP> d-------- c:\program files\Messenger Plus! Live
2008-11-10 17:48 . 2008-11-10 17:56 <REP> d-------- c:\program files\CamStudio
2008-11-07 14:31 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-11-07 14:29 . 2008-11-07 14:29 <REP> d-------- c:\windows\Logs
2008-11-04 01:18 . 2008-11-04 01:19 <REP> d-------- c:\program files\Teamspeak2_RC2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-29 11:53 --------- d-----w c:\program files\Wanadoo
2008-11-28 16:49 --------- d-----w c:\program files\Google
2008-11-27 22:48 --------- d-----w c:\program files\World of Warcraft
2008-11-27 13:49 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-27 06:54 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-24 01:51 --------- d-----w c:\program files\Vuze
2008-11-24 01:51 --------- d-----w c:\documents and settings\Michel\Application Data\Azureus
2008-11-13 14:23 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-11-13 11:48 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-13 11:43 --------- d-----w c:\program files\UPS Widget
2008-11-13 11:42 --------- d-----w c:\program files\PokerStars
2008-11-13 01:34 --------- d-----w c:\documents and settings\Michel\Application Data\Skype
2008-11-11 02:43 --------- d-----w c:\documents and settings\Michel\Application Data\teamspeak2
2008-11-09 00:40 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-20 14:15 --------- d-----w c:\program files\Windows Live
2008-10-20 14:13 --------- d-----w c:\program files\Microsoft
2008-10-20 14:09 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-05 14:52 --------- d-----w c:\program files\Fichiers communs\Roxio Shared
2008-10-05 14:50 --------- d-----w c:\program files\INFORAD
2008-10-05 14:48 --------- d-----w c:\documents and settings\Michel\Application Data\dvdcss
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-05 14:04 288,768 ----a-w c:\windows\WLXPGSS.SCR
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-02 17:52 256 ----a-w c:\documents and settings\Michel\pool.bin
2008-05-02 14:17 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot_2008-11-28_18.30.53,60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-29 11:51:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_444.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="c:\progra~1\Wanadoo\Shell.exe" [2004-08-23 122880]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-09-08 3513344]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-03-20 668328]
"lxdxamon"="c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe" [2008-03-20 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-20 320168]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 c:\progra~1\Wanadoo\Watch.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\lxdxcfg.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2059:UDP"= 2059:UDP:Windows Media Format SDK (iexplore.exe)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-02 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-19 20560]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-10-20 56344]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service []
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe [2008-11-15 98984]
S3 fsssvc;Windows Live Contrôle parental;"c:\program files\Windows Live\Family Safety\fsssvc.exe" [2008-09-04 512536]
.
Contenu du dossier 'Tâches planifiées'

2008-11-29 c:\windows\Tasks\User_Feed_Synchronization-{ABD7D069-DDF8-4EF7-ADC9-068A0A5E026A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-29 20:57:45
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-11-29 20:59:15
ComboFix-quarantined-files.txt 2008-11-29 19:59:10
ComboFix2.txt 2008-11-28 17:31:52
ComboFix3.txt 2008-11-26 13:14:06
ComboFix4.txt 2008-11-25 12:54:40

Avant-CF: 36,394,045,440 octets libres
Après-CF: 36,496,400,384 octets libres

230 --- E O F --- 2008-11-12 12:23:55
0
Utilisateur anonyme
29 nov. 2008 à 21:12
hijack stp.......

a+
0
Réponse 33 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
29 nov. 2008 à 21:21
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:24, on 29/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\windows\system32\devldr32.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\msiexec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
0
Utilisateur anonyme
29 nov. 2008 à 22:43
1- Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

! Déconnectes toi et fermes toute tes applications en cours !

Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg .
Puis copies ce qui se trouve en citation ci-dessous,




:Processes
explorer.exe

:files
C:\Program Files\Microsoft\Search Enhancement Pack



commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : d

a+














0
Réponse 34 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
30 nov. 2008 à 03:52
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Box Extension moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Choice Guard moved successfully.
C:\Program Files\Microsoft\Search Enhancement Pack moved successfully.
File/Folder commands not found.
File/Folder [purity] not found.
File/Folder [emptytemp] not found.
File/Folder [start explorer] not found.
File/Folder [reboot] not found.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_034537
0
Utilisateur anonyme
30 nov. 2008 à 10:23
SUPER.....
hijack pour la forme......stp
mais la je sais que c est bon.. (meci C-XX)

a+
0
Réponse 35 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
30 nov. 2008 à 15:24
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:34, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\windows\system32\devldr32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\msiexec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
0
Utilisateur anonyme
30 nov. 2008 à 15:38
fais ceci

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:files
C:\Program Files\Microsoft\Search Enhancement Pack


:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

a+
0
Réponse 36 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
30 nov. 2008 à 15:47
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\Microsoft\Search Enhancement Pack not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2FxfK52Fechb6ofNw4670Iu3ky5BA= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2sn9tqFWFaOnnwPmxgzOB8zNq1o= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\3UEqiKKNCWgSgebLYI30ZWfllK0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\8Mp217ta1FvP6PQnyWaFcU4QEGI= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\9swuUm0eHsE73deAm+L0Bbi202M= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\SN2rgcPbNlkjFFNR2F86WZJ0wxCk= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\V5o2Fo6SR92F2F2FUir9FIE4jSFX7es= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WjaYCImvurWzrORsVPrdwcut1CU= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WMnU5xmgkT1iK8qxzjtYGNOIKrk= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\Yy6yswyGkL9xJpWoUvHWM8b2xD4= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\ziWp8neS1vFbmGVXs179hY3HQO0= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\hsperfdata_Michel\2440 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\e4jF.tmp_dir2357\exe4jlib.jar scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\azemp-win32_2.0.30.zip scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3306.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3322.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Michel\LOCALS~1\Temp\~DFC882.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\windows\temp\Perflib_Perfdata_43c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11302008_154305

Files moved on Reboot...
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2FxfK52Fechb6ofNw4670Iu3ky5BA= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\2sn9tqFWFaOnnwPmxgzOB8zNq1o= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\3UEqiKKNCWgSgebLYI30ZWfllK0= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\8Mp217ta1FvP6PQnyWaFcU4QEGI= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\9swuUm0eHsE73deAm+L0Bbi202M= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\SN2rgcPbNlkjFFNR2F86WZJ0wxCk= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\V5o2Fo6SR92F2F2FUir9FIE4jSFX7es= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WjaYCImvurWzrORsVPrdwcut1CU= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\WMnU5xmgkT1iK8qxzjtYGNOIKrk= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\Yy6yswyGkL9xJpWoUvHWM8b2xD4= moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\MessengerCache\ziWp8neS1vFbmGVXs179hY3HQO0= moved successfully.
File C:\DOCUME~1\Michel\LOCALS~1\Temp\hsperfdata_Michel\2440 not found!
C:\DOCUME~1\Michel\LOCALS~1\Temp\e4jF.tmp_dir2357\exe4jlib.jar moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\azemp-win32_2.0.30.zip moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll NOT unregistered.
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-gdip-win32-3448.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll NOT unregistered.
C:\DOCUME~1\Michel\LOCALS~1\Temp\swt-win32-3448.dll moved successfully.
C:\DOCUME~1\Michel\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3306.tmp not found!
File C:\DOCUME~1\Michel\LOCALS~1\Temp\~DF3322.tmp not found!
File C:\DOCUME~1\Michel\LOCALS~1\Temp\~DFC882.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\windows\temp\Perflib_Perfdata_43c.dat moved successfully.
0
Utilisateur anonyme
30 nov. 2008 à 15:51
comme d hab....
hijack stp

a+
0
Réponse 37 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
30 nov. 2008 à 15:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:02, on 30/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\windows\system32\lxdxcoms.exe
C:\windows\system32\msiexec.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\windows\system32\devldr32.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
0
Réponse 38 / 38
krys95580 Messages postés 39 Date d'inscription vendredi 28 novembre 2008 Statut Membre Dernière intervention 1 décembre 2008 7
1 déc. 2008 à 01:03
Je sais pas si tout est bon. En tout cas si oui je voulais te remercier d'avoir prit du temps pour m'aider à virer ce virus c'est tres gentil à toi !
0
Utilisateur anonyme
6 déc. 2008 à 15:36
excuses pour le retard.....
pour supprimer les outils utilisés

Telecharge ToolsCleaner2--> http://pc-system.fr/

-Une fois téléchargé, installe-le et lance-le

-Clique sur Recherche et laisse le scan se terminer

-Clique sur Suppression

-Clique sur Quitter pour que le rapport puisse se créer

-Poste moi le rapport se trouvant ici--> C:\TCleaner.txt

a+
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses