
virus Rootkit.Win32.Agent.P


As you advised me, here is the famous report that everyone talks about on the virus forums.

Logfile of HijackThis v1.99.1
Scan saved at 20:40:13, on 26/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\tcaa\aean.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\system.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINNT\svchost.exe

Family life is not very compatible with computing, especially as I have only had this equipment for a short time. I will only be back in 1h to 1h30; in any case, thanks in advance to those who are willing to help me solve my problem or problems.
Enjoy your meal.

Good evening esteban54, I think it is a bit of a mess. I have just run Ad-Aware SE Personal and Spybot Search & Destroy, and here is the new report.
One question: does Kaspersky have a firewall?


Logfile of HijackThis v1.99.1
Scan saved at 21:40:39, on 26/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\tcaa\aean.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\WINNT\explorer.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\system.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINNT\svchost.exe

OK, I have just run Ad-Aware and Spybot again and I am sending you my report again, but do the files in Ad-Aware necessarily have to be put in quarantine? I never used to do that.


Logfile of HijackThis v1.99.1
Scan saved at 22:15:01, on 26/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\??plorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\tcaa\aean.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\system.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINNT\svchost.exe

I have just run CCleaner, which I just downloaded, and I installed ZoneAlarm. I thank alessio and esteban54 for their help, and I am posting a new report in case someone can help me. Thank you very much.

With that, good night everyone.


Logfile of HijackThis v1.99.1
Scan saved at 23:48:42, on 26/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\tcaa\aean.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\system.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINNT\svchost.exe

1/ Download a-squared Free (a² Free): http://www.emsisoft.net/fr/software/download/
install it and update it

2/ Update Ad-Aware SE and Spybot Search and Destroy if you haven't already done so

3/ Restart in safe mode by tapping the F8 key (or F5, depending on the PC) at startup

4/ Run an a-squared Free scan, then delete everything it finds
same with Ad-Aware SE (at the end of the scan, click Next, then right-click in the window and Select All Objects, then Next, then OK)
same with Spybot Search and Destroy (click "Corriger les problèmes" (fix the problems) at the end of the scan)

5/ Restart normally

6/ Run an online scan at Panda >>here<<

7/ Paste its report here along with a new HijackThis log

8/ Then we'll clean up by hand...

Impossible to run the scan with Panda; it tells me there was an error during the download, even with Kaspersky disabled. I did, however, do the safe-mode restart, etc...

I'm posting my new report again; thanks to whoever is willing to help me

Logfile of HijackThis v1.99.1
Scan saved at 20:53:29, on 27/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\mousecrm.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\1E.tmp
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\1E.tmp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINNT\system32\mousecrm.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Good evening,

Continue with what hardware tells you, but carry out these tasks:

Given the state of your infection, I think starting everything over from scratch is necessary.

1) Go and carry out all the steps done by Cyrrus here

2) When the online antivirus scans are offered to you, choose Trend Micro's.

3) After doing all these steps, run them again in safe mode, with another a² Free scan

4) I know it's long, but it's for the health of your PC; then post yet another HijackThis report, it will be easier to interpret.

Here I am again with news: after the online scans, which turned up nothing, Ad-Aware in safe mode, which finds nothing, and a2free, which finds 2 infected files, I had to restart the machine 3 times to get my icons back, and an all-blue screen is a lot less pleasant to look at.

Here is my new report

Logfile of HijackThis v1.99.1
Scan saved at 22:50:39, on 27/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\mousecrm.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\WINNT\system32\6.tmp
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\6.tmp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINNT\system32\mousecrm.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks
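Added example, not part of the thread: the helpers ask for a fresh HijackThis log after each cleanup pass, and a diff of the autostart (O4) and service (O23) lines shows what actually changed between two scans. The Python code below parses those two line types and compares excerpts taken from the thread's logs of 26/07 and 27/07 (20:53); the function and variable names are this example's own.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Excerpts of O4/O23 lines copied from the thread's logs (not full logs).
LOG_26_07 = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\system.exe
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Windows Configuration Loader - Unknown owner - C:\WINNT\svchost.exe
"""

LOG_27_07 = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\1E.tmp
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINNT\system32\mousecrm.exe
"""


class Entry(NamedTuple):
    section: str    # "O4" or "O23"
    location: str   # registry key, "Global Startup"/"Startup", or "Service"
    name: str       # value name, shortcut name or service display name
    owner: str      # O23 only: company string ("" for O4)
    target: str     # command line or file path as printed in the log

    @property
    def key(self) -> Tuple[str, str, str]:
        # Identity of an entry across scans: where it lives and what it is called.
        return (self.section, self.location.lower(), self.name.lower())


# "O4 - HKLM\..\Run: [Name] command"
O4_REG = re.compile(r"^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# "O4 - Global Startup: Shortcut.lnk = path"
O4_LNK = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<target>.+)$")
O23_PREFIX = "O23 - Service: "


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O4 or O23 line, None for any other line."""
    line = line.strip()
    for rx in (O4_REG, O4_LNK):
        m = rx.match(line)
        if m:
            return Entry("O4", m["loc"], m["name"], "", m["target"])
    if line.startswith(O23_PREFIX):
        # Display names may contain " - ", so split from the right:
        # "<display name> - <owner> - <path>"
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry("O23", "Service", parts[0], parts[1], parts[2])
    return None


def parse_log(text: str) -> Dict[Tuple[str, str, str], Entry]:
    entries = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries[entry.key] = entry
    return entries


def _norm(target: str) -> str:
    # Windows paths are case-insensitive and may or may not be quoted.
    return target.strip().strip('"').lower()


def diff_logs(old_text: str, new_text: str) -> Dict[str, List]:
    """Compare two logs: entries added, removed, or re-pointed to a new target."""
    old, new = parse_log(old_text), parse_log(new_text)
    added = [new[k] for k in sorted(new.keys() - old.keys())]
    removed = [old[k] for k in sorted(old.keys() - new.keys())]
    changed = [(old[k], new[k]) for k in sorted(old.keys() & new.keys())
               if _norm(old[k].target) != _norm(new[k].target)]
    return {"added": added, "removed": removed, "changed": changed}


if __name__ == "__main__":
    result = diff_logs(LOG_26_07, LOG_27_07)
    for e in result["added"]:
        print(f"+ {e.section} {e.location} [{e.name}] -> {e.target}")
    for e in result["removed"]:
        print(f"- {e.section} {e.location} [{e.name}] -> {e.target}")
    for before, after in result["changed"]:
        print(f"~ {after.section} {after.location} [{after.name}]: "
              f"{before.target} => {after.target}")
```

An entry that keeps its name but points at a different file from one scan to the next, as the `[Services]` value does here, only shows up in the "changed" list; a plain line-by-line text diff would report it as one removal plus one unrelated addition.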

No viruses from the online scans, nothing from Ad-Aware in safe mode, a2free finds two infected files


First, let's take care of your desktop:

Download SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Unzip it to the Desktop.

Double-click it and choose option 1.
Save the report.

Restart in safe mode.

Run it again, this time choose option 2, and answer yes to everything.

Restart normally and post the reports along with a new HijackThis report.

Then tell me whether your desktop is OK.

I'm back. I followed your instructions and here is what came out of it:

Logfile of HijackThis v1.99.1
Scan saved at 23:21:47, on 27/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\mousecrm.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\6.tmp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINNT\system32\mousecrm.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


Report for option 1:

SmitFraudFix v1.3

Rapport fait à 23:03:07,34 le mer. 27/07/2005
Executé à partir de C:\Documents and Settings\moi\Bureau\dossier non utilise\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINNT\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\moi\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

and for option 2:

SmitFraudFix v1.3

Rapport fait à 23:10:35,81 le mer. 27/07/2005
Executé à partir de C:\Documents and Settings\moi\Bureau\dossier non utilise\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

And there you go.

I don't understand why my HijackThis report would be bad, or why the file rdriv.sys in system32 is infected by my rootkit virus.

I had the same problem as earlier getting my icons back.

In the end, I'm going to stay a little while.

Copy and paste this into Notepad. Be careful to keep the blank line before REGEDIT and the last one at the end of the .reg file.
------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAwk"=-
"WinAwk.exe"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\virus]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\virus]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\virus]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\virus]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iTunesMusic]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous" =-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM" =-

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_ITUNESMUSIC\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\Legacy_RDRIV\0000]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanger\parameters\AutoShareServer]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanger\parameters\AutoShareWks]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\parameters\AutoShareServer]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\parameters\AutoShareWks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2" =-
"AUOptions" =-

---------------
Save it on your desktop and name it
regspy.reg
and for the file type choose All files.
-------------
Disconnect.
Double-click the .reg file you just created and confirm.


Search for and delete these:

iTunesMusic.exe
and
rdriv.sys

C:\WINDOWS\winxphost.exe

Run Spybot, A² and Ad-Aware, as well as your antivirus and Panda. Then post a new HijackThis log and tell us whether the problem persists (Smitfraud is very stubborn!!! :-x :-x). If that doesn't work, the log will have to be cleaned by hand, as esteben54 says (hello to him, by the way) lol

I managed to create the file and double-clicked it; it gave me a message I no longer remember, but it seemed to be OK.
Then I went to Start > Search > Files or Folders and found nothing.

You're not done yet; I must not be very gifted with computers.

OK, it's clear that all of this will have to be "cleaned" by hand...
but I don't have time to do it - sorry - because I'm leaving on vacation tomorrow for 15 days :biggrin: :biggrin:
I hope Hardware (hello to him in turn) or others will be able to help you get out of this...

See you

Hi, I'll post a new log when I get home tonight. However, I was told that I had to format my disk because some Windows files had been damaged or modified, and that I should install Windows XP. I don't know enough to judge that remark; if you could tell me what you think of it.

Thanks in advance, and see you tonight.

Hi, I live in Toulouse; the weather is rotten and a downpour is on its way.
It took me exactly 9 minutes to reach this step, which is not bad.
I redid Hardware's procedure with the regspy.reg file, and in fact here is what it tells me:

Impossible d'importer C:\DOCUME~1\moi\bureau\regspy.reg : le fichier specifier n'est pas un scripte du registre.vous ne pouvez importer que des fichiers du registre.

While I'm at it, here is my new log:

Logfile of HijackThis v1.99.1
Scan saved at 19:18:58, on 28/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\A.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\A.tmp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Mouse Cursor Monitor (mousecrm) - Unknown owner - C:\WINNT\system32\mousecrm.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


Help me: I'm losing my Internet connection, only half of the text displays, and a new virus, Backdoor.Win32.Agent.mo, has just been found by Kaspersky, but it cannot delete it.

I hope my text comes through properly.

Help, thanks.

Hello,

While analysing your report I ran into enormous difficulties with the O4 lines: 98% of the O4 entries did not appear in the startup lists of and the databases. While waiting for an analyst more experienced than me (I advise you to wait for chercheurPCA, he's the best in my opinion), I'd rather not do anything stupid, since the lines don't appear anywhere.

Have a good evening!
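
The O4 triage discussed in the post above, as an added example (not part of the original thread, and not code from HijackThis or any tool named in it): a Python sketch that parses O4 autorun lines and flags entries on structural grounds when no startup database knows them. The sample lines are copied from the logs posted in this thread; the four heuristics and their names are assumptions of this example and give triage hints, not verdicts.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\A.tmp
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# Registry autoruns: "O4 - HKLM\..\Run: [value name] command line"
REG_RE = re.compile(r"^O4 - (?P<loc>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup-folder shortcuts: "O4 - Global Startup: name.lnk = target"
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted paths may contain spaces, so cut at the first program-like extension.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|scr|bat|cmd|com|pif|tmp))(?=\s|$)", re.IGNORECASE)
# Assumption of this example: extensions that are unusual for a logon autorun.
ODD_EXT = {".tmp", ".bat", ".scr"}


def image_of(cmd):
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_o4(log_text):
    """Extract every O4 entry as a dict with its location, name and image."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            entries.append({"loc": m["loc"], "name": m["name"],
                            "image": image_of(m["cmd"])})
    return entries


def triage(entries):
    """Map (name, lower-cased image) to a sorted list of reasons.

    Entries that trigger no heuristic are left out of the result.
    """
    locations = defaultdict(set)
    for e in entries:
        locations[(e["name"], e["image"].lower())].add(e["loc"])

    findings = {}
    for e in entries:
        image = e["image"]
        key = (e["name"], image.lower())
        reasons = set()
        if "\\" not in image:
            # No directory: the log alone cannot say which file is started.
            # Weak on its own, since some Windows entries are bare names too.
            reasons.add("bare-name")
        if "?" in image:
            # '?' is not a legal file-name character on Windows, so the real
            # name holds characters the log could not represent.
            reasons.add("unprintable-name")
        ext = image[image.rfind("."):].lower() if "." in image else ""
        if ext in ODD_EXT:
            reasons.add("odd-extension")
        if len(locations[key]) > 1:
            # Same name and image registered under several autorun locations.
            reasons.add("multi-key")
        if reasons:
            findings[key] = sorted(reasons)
    return findings


if __name__ == "__main__":
    for (name, image), reasons in sorted(triage(parse_o4(SAMPLE_LOG)).items()):
        print(f"{name:20} {image:40} {', '.join(reasons)}")
```

Entries the sketch flags are the ones to look up first or to check on disk; an entry it does not flag is not thereby shown to be clean.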

Good evening, it is asking me the following question; what should I do?

le fichierc:\WINNT\systeme.32\myversion.exe\enslaved.exe ne peut pas etre enlever parce qu'il fait partie de l'archive C:\WINNT\systeme32\myversion.exe.Voulez vous eliminer la totalite de l'archive.

Thanks

I'm posting my two reports anyway, and I answered no to the question.

---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------

+ Créé le: 23:44:58, 28/07/2005
+ Somme de contrôle: A45E9F1D

+ Résultats du scan:

C:\Documents and Settings\moi\Cookies\moi@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder
C:\Documents and Settings\moi\Cookies\moi@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder
C:\WINNT\system32\bside\devcheck.exe -> Backdoor.Cl4 : Nettoyer et sauvegarder
C:\WINNT\system32\myversion.exe/enslaved.exe -> Heuristic.Win32.Morphine-Crypted : Erreur durant le nettoyage


::Fin du rapport

Logfile of HijackThis v1.99.1
Scan saved at 23:45:58, on 28/07/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\SYSTEM32\DNTUS26.EXE
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SYSTEM32\DWRCST.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\moi\Bureau\dossier non utilise\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: IEHlprObj Class - {F62A47A7-4CA3-9D00-95A3-6724d43a9E8C} - LineAudio.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Fichiers communs\Ulead Systems\DVD\USISrv.exe
O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Program Files\Fichiers communs\TerraTec\Remote\TTTVRC.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\Run: [StartupLog] wmfdng.exe
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [Microsoft xpsp2] Networksystem.exe
O4 - HKLM\..\Run: [Hollaback] slvhosts.exe
O4 - HKLM\..\Run: [Vsample] winxpsock.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Login Screen Saver] login.scr
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Services] C:\WINNT\system32\A.tmp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Magicke] sexfeqa.exe
O4 - HKLM\..\RunServices: [Voidier] bvbxcvsd.exe
O4 - HKLM\..\RunServices: [TmNetDriver Monitor] exbce.exe
O4 - HKLM\..\RunServices: [Configuration32 Loader32] winamp32.exe
O4 - HKLM\..\RunServices: [cvxvdsfw] vasdfd.exe
O4 - HKLM\..\RunServices: [dwqdwq] bfbsdd.exe
O4 - HKLM\..\RunServices: [GSeries] boulze.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [DownNow] downite.exe
O4 - HKLM\..\RunServices: [SoilSouth] Saxcas.exe
O4 - HKLM\..\RunServices: [Hollaback] slvhosts.exe
O4 - HKLM\..\RunServices: [Vsample] winxpsock.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKLM\..\RunServices: [MS Screen Saver] scrsave.scr
O4 - HKLM\..\RunServices: [Martini] pinmart.exe
O4 - HKLM\..\RunServices: [sayimici] yujixit.exe
O4 - HKLM\..\RunServices: [Loading] gates32.exe
O4 - HKLM\..\RunServices: [uneri] yujixit.exe
O4 - HKLM\..\RunServices: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\RunServices: [Login Screen Saver] login.scr
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Magicke] sexfeqa.exe
O4 - HKCU\..\Run: [Voidier] bvbxcvsd.exe
O4 - HKCU\..\Run: [cvxvdsfw] vasdfd.exe
O4 - HKCU\..\Run: [dwqdwq] bfbsdd.exe
O4 - HKCU\..\Run: [TmNetDriver Monitor] exbce.exe
O4 - HKCU\..\Run: [Configuration32 Loader32] winamp32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [GSeries] boulze.exe
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [DownNow] downite.exe
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - HKCU\..\Run: [SoilSouth] Saxcas.exe
O4 - HKCU\..\Run: [Hollaback] slvhosts.exe
O4 - HKCU\..\Run: [Vsample] winxpsock.exe
O4 - HKCU\..\Run: [uneri] yujixit.exe
O4 - HKCU\..\Run: [Login Screen Saver] login.scr
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aecs] C:\Program Files\tcaa\aean.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\epson\EPSON CardMonitor\EPSON CardMonitor1.2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdown...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development LLC - C:\WINNT\SYSTEM32\DNTUS26.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Labs - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Thanks again


Good evening

Run the Ewido scan again and answer yes to delete the file.

The HijackThis report shows a very slight improvement.

We are going to continue the cleanup, because otherwise you will have a lot of files to hunt for on the computer in order to delete them, since we do not know where they are located!
That is the case for most of the O4 lines.

Download
Stinger
http://download.nai.com/products/mcafee-avert/s-t-i-n-g...
Install it in a dedicated folder.

About Buster
http://www.malwarebytes.biz/index.php?page=downloads
Once it is downloaded, unzip it and put a shortcut on the desktop.

The Cleaner
http://telechargement1.pcastuces.com/temp6bs2/cleaner3....
It is a free version limited to 30 days.
Install it in a dedicated folder.
Run the scan.

Run the Stinger scan.

Double-click About:Buster.
Click Begin Removal.
A scan is run.
Run a second scan.

Post the report here, along with a new HijackThis report.
And then we delete.
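
The reply's point about the O4 lines, as an added example that is not part of the original thread: a short Python script that parses HijackThis O4 registry autorun lines and separates entries logged as a bare filename (location unknown) from entries with a full path. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a few O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Whitechix] brightx.exe
O4 - HKLM\..\Run: [services6] c:\WINNT\system32\drivers\start.bat
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\RunServices: [Whitechix] brightx.exe
O4 - HKLM\..\RunServices: [Screen Saver] SCRNSA~1.SCR
O4 - HKCU\..\Run: [Whitechix] brightx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Uzza] C:\WINNT\system32\??plorer.exe
O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
"""

# Registry autoruns only; "Global Startup" shortcuts always carry a full path.
O4_REG = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log):
    """Return (key, value_name, command) for each registry O4 line."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["cmd"]))
    return entries

def has_full_path(cmd):
    """True when the command starts with a drive letter path (optionally quoted)."""
    return re.match(r'"?[A-Za-z]:\\', cmd) is not None

def triage(log):
    """Split entries into: no path, path with '?' in the name, and located."""
    no_path = defaultdict(set)   # bare filename -> autorun keys that launch it
    unreadable, located = [], []
    for key, _name, cmd in parse_o4(log):
        if not has_full_path(cmd):
            no_path[cmd.lower()].add(key)
        elif "?" in cmd:         # '?' is not valid in a Windows filename
            unreadable.append(cmd)
        else:
            located.append(cmd)
    return {"no_path": {f: sorted(k) for f, k in no_path.items()},
            "unreadable": unreadable, "located": located}

if __name__ == "__main__":
    for fname, keys in triage(SAMPLE_LOG)["no_path"].items():
        print(f"{fname}: path not logged, launched from {len(keys)} key(s): {keys}")
```

A bare filename only means the file still has to be located on disk; legitimate entries such as `internat.exe` are logged the same way, so the output is a search list, not a verdict.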