Sujet Précédent Sujet Suivant

PC infecté? rapport hijackthis

Fermé
Dom77 - 16 déc. 2008 à 19:21
aziz242 Messages postés 494 Date d'inscription samedi 4 octobre 2008 Statut Membre Dernière intervention 24 septembre 2011 - 17 déc. 2008 à 14:23
Bonjour, je pense avoir un virus, mon ordinateur s'éteint et redémarre tout seul, voici le rapport hijackthis, merci de votre aide.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:42, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe­­
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Aurélie\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BoontyBox neuf telecom.lnk.disabled
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk.disabled
O4 - Global Startup: AOL Compagnon.lnk.disabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46DE49D4-6A04-4D4E-95C4-779B71406211}: NameServer = 192.168.1.1
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:52:42, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe­­
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Aurélie\Mes documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: BoontyBox neuf telecom.lnk.disabled
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk.disabled
O4 - Global Startup: AOL Compagnon.lnk.disabled
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab55668.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{46DE49D4-6A04-4D4E-95C4-779B71406211}: NameServer = 192.168.1.1
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
A voir également:

2 réponses

Réponse 1 / 2
aziz242 Messages postés 494 Date d'inscription samedi 4 octobre 2008 Statut Membre Dernière intervention 24 septembre 2011 44
16 déc. 2008 à 19:28
télécharge https://www.clubic.com/telecharger-fiche68496-trojan-remover.html et fait un scan et suprime ton virus
0
Dom77
16 déc. 2008 à 20:02
Merci mais ca ne m'a pas trouvé de virus, voici le rapport :
***** THE SYSTEM HAS BEEN RESTARTED *****
16/12/2008 19:47:38: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - already removed (or did not exist)
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Ownership taken
HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - removed
=======================================================
16/12/2008 19:47:53: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2555. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 19:38:05 16 déc. 2008
Using Database v7227
Operating System: Windows XP SP2 [Windows XP Home Edition Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Aurélie\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\
Logfile directory: C:\Documents and Settings\Aurélie\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avast! Antivirus

************************************************************


************************************************************
19:38:06: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
19:38:06: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
19:38:06: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
19:38:12: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ToUcamVProperty
Value Data: C:\PROGRA~1\PHILIP~1\VProperty.exe
C:\PROGRA~1\PHILIP~1\VProperty.exe
131072 bytes
Created: 25/12/2005
Modified: 02/04/2003
Company: Philips PC Cameras
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 11/11/2007
Modified: 26/11/2008
Company: ALWIL Software
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
98304 bytes
Created: 31/12/2001
Modified: 31/12/2001
Company: Apple Computer, Inc.
--------------------
Value Name: KernelFaultCheck
Value Data: %systemroot%\system32\dumprep 0 -k
C:\WINDOWS\system32\dumprep.exe
10752 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
75520 bytes
Created: 11/03/2007
Modified: 15/12/2006
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\Trjscan.exe /boot
C:\Documents and Settings\Aurélie\Mes documents\Trojan Remover\Trjscan.exe
1230728 bytes
Created: 16/12/2008
Modified: 10/12/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
19:38:17: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
19:38:17: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
19:38:18: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------

************************************************************
19:38:18: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: [no info]
----------

************************************************************
19:38:19: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
19:38:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41600 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 09/04/2008
Modified: 26/11/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 11/11/2007
Modified: 26/11/2008
Company: ALWIL Software
----------
Key: atksgt
ImagePath: system32\DRIVERS\atksgt.sys
C:\WINDOWS\system32\DRIVERS\atksgt.sys
271360 bytes
Created: 03/02/2007
Modified: 03/02/2007
Company: [no info]
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
155160 bytes
Created: 11/11/2007
Modified: 26/11/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 11/11/2007
Modified: 26/11/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 11/11/2007
Modified: 26/11/2008
Company: ALWIL Software
----------
Key: Boonty Games
ImagePath: "C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
69120 bytes
Created: 01/08/2006
Modified: 01/08/2006
Company: BOONTY
----------
Key: C-DillaCdaC11BA
ImagePath: C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
54784 bytes
Created: 01/08/2006
Modified: 01/08/2006
Company: Macrovision
----------
Key: camvid20
ImagePath: system32\DRIVERS\camdrv21.sys
C:\WINDOWS\system32\DRIVERS\camdrv21.sys
223232 bytes
Created: 25/12/2005
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: CdaC15BA
ImagePath: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
C:\WINDOWS\system32\drivers\CdaC15BA.SYS
12464 bytes
Created: 17/07/2006
Modified: 17/07/2006
Company: Macrovision Europe Ltd
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
395312 bytes
Created: 26/06/2007
Modified: 30/08/2007
Company: Symantec Corporation
----------
Key: fbxusb
ImagePath: system32\DRIVERS\fbxusb32.sys
C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
21344 bytes
Created: 20/10/2004
Modified: 20/10/2004
Company: FreeBox SA
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 50960 bytes
Created: 07/07/2005
Modified: 15/02/2002
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16112 bytes
Created: 07/07/2005
Modified: 21/03/2002
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 22512 bytes
Created: 07/07/2005
Modified: 08/03/2002
Company: HP
----------
Key: JL2005
ImagePath: System32\Drivers\toywdm.sys
C:\WINDOWS\System32\Drivers\toywdm.sys [file not found to scan]
----------
Key: lirsgt
ImagePath: system32\DRIVERS\lirsgt.sys
C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18048 bytes
Created: 03/02/2007
Modified: 03/02/2007
Company: [no info]
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2528960 bytes
Created: 24/10/2006
Modified: 08/09/2006
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [file not found to scan]
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
517768 bytes
Created: 12/03/2007
Modified: 12/03/2007
Company: Symantec Corporation
----------
Key: MR97310_VGA_DUAL_CAMERA
ImagePath: system32\DRIVERS\mr97310v.sys
C:\WINDOWS\system32\DRIVERS\mr97310v.sys [file not found to scan]
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 05/07/2005
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: Mtlmnt5
ImagePath: system32\DRIVERS\Mtlmnt5.sys
C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
172708 bytes
Created: 06/07/2005
Modified: 29/11/2001
Company:
----------
Key: Mtlstrm
ImagePath: system32\DRIVERS\Mtlstrm.sys
C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
2383460 bytes
Created: 06/07/2005
Modified: 29/11/2001
Company:
----------
Key: NtMtlFax
ImagePath: system32\DRIVERS\NtMtlFax.sys
C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
607732 bytes
Created: 06/07/2005
Modified: 29/11/2001
Company:
----------
Key: PALLADIA
ImagePath: system32\DRIVERS\usbiad.sys
C:\WINDOWS\system32\DRIVERS\usbiad.sys
31547 bytes
Created: 27/07/2005
Modified: 14/07/2004
Company: Centillium Communications, Inc.
----------
Key: Planificateur LiveUpdate automatique
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
198336 bytes
Created: 24/10/2006
Modified: 08/09/2006
Company: Symantec Corporation
----------
Key: Pml Driver HPZ12
ImagePath: C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZipm12.exe
-R- 81920 bytes
Created: 07/07/2005
Modified: 15/03/2002
Company: HP
----------
Key: sfdrv01
ImagePath: System32\drivers\sfdrv01.sys
C:\WINDOWS\System32\drivers\sfdrv01.sys
50688 bytes
Created: 10/08/2005
Modified: 10/08/2005
Company: Protection Technology
----------
Key: sfhlp02
ImagePath: System32\drivers\sfhlp02.sys
C:\WINDOWS\System32\drivers\sfhlp02.sys
6656 bytes
Created: 16/05/2005
Modified: 16/05/2005
Company: Protection Technology
----------
Key: Slntamr
ImagePath: system32\DRIVERS\slntamr.sys
C:\WINDOWS\system32\DRIVERS\slntamr.sys
-R- 220432 bytes
Created: 06/07/2005
Modified: 29/01/2002
Company:
----------
Key: SlNtHal
ImagePath: system32\DRIVERS\Slnthal.sys
C:\WINDOWS\system32\DRIVERS\Slnthal.sys
175160 bytes
Created: 06/07/2005
Modified: 29/11/2001
Company:
----------
Key: SLService
ImagePath: slserv.exe
C:\WINDOWS\system32\slserv.exe
45056 bytes
Created: 06/07/2005
Modified: 29/11/2001
Company:
----------
Key: SlWdmSup
ImagePath: system32\DRIVERS\SlWdmSup.sys
C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
-R- 33028 bytes
Created: 06/07/2005
Modified: 29/11/2001
Company: Vireo Software
----------
Key: SQTECH905C
ImagePath: System32\Drivers\Capt905c.sys
C:\WINDOWS\System32\Drivers\Capt905c.sys
647072 bytes
Created: 19/12/2005
Modified: 27/08/2004
Company: Service & Quality Technology.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{864CE732-8534-4BF6-B774-FD73D7E5D6D4}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: V90drv
ImagePath: system32\DRIVERS\v90drv.sys
C:\WINDOWS\system32\DRIVERS\v90drv.sys
1432836 bytes
Created: 06/07/2005
Modified: 29/11/2001
Company:
----------
Key: viaagp
ImagePath: system32\DRIVERS\viaagp.sys
C:\WINDOWS\system32\DRIVERS\viaagp.sys
42240 bytes
Created: 05/07/2005
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: viaagp1
ImagePath: system32\DRIVERS\viaagp1.sys
C:\WINDOWS\system32\DRIVERS\viaagp1.sys
27904 bytes
Created: 02/07/2003
Modified: 06/07/2005
Company: VIA Technologies, Inc.
----------
Key: VIAudio
ImagePath: system32\drivers\vinyl97.sys
C:\WINDOWS\system32\drivers\vinyl97.sys
179968 bytes
Created: 08/04/2005
Modified: 06/07/2005
Company: VIA Technologies, Inc.
----------
Key: WlanUIG
ImagePath: system32\DRIVERS\WlanUIG.sys
C:\WINDOWS\system32\DRIVERS\WlanUIG.sys
379456 bytes
Created: 15/07/2008
Modified: 15/07/2008
Company: Conexant Systems, Inc.
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------

************************************************************
19:38:45: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 03/08/2005
Modified: 28/02/2003
Company: [no info]
VxD Key = JAVASUP
----------
----------

************************************************************
19:38:45: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
19:38:46: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 11/11/2007
Modified: 26/11/2008
Company: ALWIL Software
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\DOCUME~1\AURLIE~1\MESDOC~1\TROJAN~1\Trshlex.dll
C:\DOCUME~1\AURLIE~1\MESDOC~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 16/12/2008
Modified: 05/02/2007
Company: Simply Super Software
----------

************************************************************
19:38:47: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
19:38:47: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - this key has been removed [file not found to scan]
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - this BHO is referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Trojan Remover was unable to remove this key
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
440056 bytes
Created: 15/12/2006
Modified: 15/12/2006
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
BHO: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
155648 bytes
Created: 04/10/2005
Modified: 13/08/2004
Company: Microsoft Corporation
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
282624 bytes
Created: 09/02/2006
Modified: 17/01/2006
Company: Microsoft Corporation
----------

************************************************************
19:39:33: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
19:39:33: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
19:39:33: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
19:39:33: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
19:39:35: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
19:39:36: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL 8.0 Icône AOL.lnk.disabled
730 bytes
Created: 09/07/2005
Modified: 09/07/2005
Company: [no info]
--------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AOL Compagnon.lnk.disabled
1646 bytes
Created: 31/12/2001
Modified: 20/08/2005
Company: [no info]
--------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 05/07/2005
Modified: 05/07/2005
Company: [no info]
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
323646 bytes
Created: 11/06/2002
Modified: 11/06/2002
Company: Hewlett-Packard Co.
hp psc 2000 Series.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
--------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk.disabled
1757 bytes
Created: 14/07/2008
Modified: 14/07/2008
Company: [no info]
--------------------
C:\Program Files\Microsoft Office\Office\OSA9.EXE
65588 bytes
Created: 17/02/1999
Modified: 17/02/1999
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office\OSA9.EXE
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
147456 bytes
Created: 11/06/2002
Modified: 11/06/2002
Company: Hewlett-Packard Co.
officejet 6100.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
19:39:38: Scanning ----- SCHEDULED TASKS -----
Taskname: FRU Task #Hewlett-Packard#hp psc 2200 series#1120754494.job
File: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
61440 bytes
Created: 11/06/2002
Modified: 11/06/2002
Company:
Parameters: -I "#Hewlett-Packard#hp psc 2200 series#1120754494"
Next Run Time: 17/12/2008 18:42:00
Status: La tâche n'a pas encore été exécutée
Creator: prevost
Comments: [blank]
----------
Taskname: WebReg 20050707184256.job
File: C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqwrg.exe
53248 bytes
Created: 18/04/2002
Modified: 18/04/2002
Company: Hewlett-Packard
Parameters: /TaskName 20050707184256 /N "psc 2210v" /M C8660A /S MY27ND10T90G
Next Run Time: 17/12/2008 18:42:00
Status: La tâche n'a pas encore été exécutée
Creator: prevost
Comments: [blank]
----------

************************************************************
19:39:39: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
19:39:39: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Aurélie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Aurélie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1501834 bytes
Created: 02/08/2008
Modified: 03/12/2008
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Aurélie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1501834 bytes
Created: 02/08/2008
Modified: 03/12/2008
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
19:39:41: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\PROGRA~1\PHILIP~1\VProperty.exe - file already scanned
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - file already scanned
--------------------
C:\Program Files\QuickTime\qttask.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\WINDOWS\system32\drivers\CDAC11BA.EXE - file already scanned
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe - file already scanned
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
--------------------
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\slserv.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
--------------------
C:\Program Files\Messenger\msmsgs.exe
--------------------
C:\WINDOWS\system32\HPZipm12.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - file already scanned
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------------
C:\Documents and Settings\Aurélie\Application Data\Simply Super Software\Trojan Remover\dls2.exe
FileSize: 2884472
[This is a Trojan Remover component]
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------

************************************************************
19:39:51: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
19:39:51: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
19:39:52: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.free.fr/freebox/index.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.bing.com/spresults.aspx
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=isearch

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 19:39:52 16 déc. 2008
Total Scan time: 00:01:46
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
16/12/2008 19:40:02: restart commenced
************************************************************




par contre depuis j'ai des fenetres "microsoft windows" qui n'arretent pas d'apparaitre : "le systeme a recupéré d'une erreur serieuse" ...
0
Réponse 2 / 2
aziz242 Messages postés 494 Date d'inscription samedi 4 octobre 2008 Statut Membre Dernière intervention 24 septembre 2011 44
17 déc. 2008 à 14:23
telecharge https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0