Win32 VBStat-C: what should I do?
Security Forum - Viruses: Win32 VBStat-C: what should I do?
hello everyone
could someone help me? I'm currently battling with my computer and I can't manage to remove this trojan
help
what should I do?
Hello,
Download HijackThis (by Merijn).
Unzip it into a folder or onto your Desktop.
Launch the application (Hijackthis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:
- Edit / Select all
- Edit / Copy
- Right-click / Paste into your reply
HELP: Video tutorial on HijackThis
Message edited by Angeldark on 11-06-2007 at 18:34:46
hello and thanks for replying so quickly
here is the contents of the notepad file:
Logfile of HijackThis v1.99.1
Scan saved at 18:35:57, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\tavaron\Bureau\mes document julien\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\Run: [REGWIN32] C:\pichx.exe
O4 - HKLM\..\Run: [REGMSYS] C:\klanp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [AmokFastMoveLogo] C:\Documents and Settings\All Users\Application Data\That heart amok fast\1 bird.exe
O4 - HKLM\..\Run: [j7211635] rundll32 C:\WINDOWS\system32\j7211635.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\lokjcxli.dll",realset
O4 - HKLM\..\RunServices: [Windows Process Manager] winproc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Rcre] "C:\WINDOWS\system32\FNTS~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ihrcb] C:\Documents and Settings\tavaron\Application Data\s?mbols\w?crtupd.exe
O4 - HKCU\..\Run: [Once Scr] C:\DOCUME~1\tavaron\APPLIC~1\SEEKGL~1\showgram.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
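The log above is what the helper works from. As an added example (not part of this thread and not HijackThis code), the following Python script parses a HijackThis 1.99 log and flags the patterns this log exhibits: orphaned "(file missing)" entries, bare filenames in Run keys, executables in the drive root, "?" characters in a path, a system binary name outside System32, and rundll32 autostarts. The sample lines are constructed from the log above and the heuristics are assumptions for review, not verdicts.

```python
"""Triage helper for HijackThis 1.99 logs (added example, not HijackThis code).

Parses the R*/O* entry lines and attaches review flags based on patterns
seen in the log above.  Flags mark entries worth a second look; they are
heuristics (assumptions), not proof that an entry is malicious.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines modelled on the log in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\Run: [REGWIN32] C:\pichx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\lokjcxli.dll",realset
O4 - HKCU\..\Run: [Ihrcb] C:\Documents and Settings\tavaron\Application Data\s?mbols\w?crtupd.exe
O20 - Winlogon Notify: fccddby - fccddby.dll (file missing)
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
O4_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
# first .exe/.dll reference in a command line: a full drive path or a bare name
IMAGE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll)|[\w.~-]+\.(?:exe|dll))', re.I)
# core Windows binaries that legitimately live only under System32 (assumption)
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str                 # e.g. "O4"
    body: str                    # line text after "O4 - "
    target: str                  # command line or file the entry points at
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return one Entry per R*/O* line; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        o4 = O4_RE.match(body) if section == "O4" else None
        if o4:
            target = o4["cmd"]                       # Run key: [name] command
        elif section == "O4" and " = " in body:
            target = body.split(" = ", 1)[1]         # Startup: foo.lnk = path
        else:
            target = body.rsplit(" - ", 1)[-1]       # last field holds the file
        entries.append(Entry(section, body, target))
    return entries


def image_path(target):
    """Pull the executable or DLL out of a command line; None if there is none."""
    cmd = target.strip()
    head = cmd.split(None, 1)
    # rundll32 is only a host process: the DLL it loads is what matters
    if head and head[0].strip('"').lower() in ("rundll32", "rundll32.exe") and len(head) > 1:
        cmd = head[1]
    m = IMAGE_RE.search(cmd)
    return m.group(1) if m else None


def triage(entry):
    """Attach review flags to an entry and return them."""
    flags = []
    if any(mark in entry.body for mark in MISSING_MARKERS):
        flags.append("orphaned: referenced file is missing")
    path = image_path(entry.target)
    if path is not None:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if "\\" not in low:
            flags.append("bare filename, resolved by PATH search")
        elif re.fullmatch(r"[a-z]:\\[^\\]+", low):
            flags.append("executable sits directly in the drive root")
        if "?" in path:
            flags.append("unprintable characters in path (lookalike folder)")
        if name in SYSTEM32_ONLY and "\\system32\\" not in low:
            flags.append(f"{name} outside System32")
        if entry.target.lstrip('"').lower().startswith("rundll32"):
            flags.append("rundll32 autostart loading a DLL")
    entry.flags = flags
    return flags


def suspicious_entries(text):
    """Parse a log and return {entry body: flags} for every flagged entry."""
    return {e.body: e.flags for e in parse_log(text) if triage(e)}


if __name__ == "__main__":
    for body, flags in suspicious_entries(SAMPLE_LOG).items():
        print(body)
        for f in flags:
            print("   ->", f)
```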
Re,
Download VundoFix.exe (by Atribune) onto your Desktop.
- Double-click VundoFix.exe to launch it
- Click the Scan for Vundo button
- When the scan is complete, click the Remove Vundo button
- A prompt will ask you whether you want to delete the files; click YES
- After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
- You will see a prompt telling you that your PC is going to restart; click OK
- Copy/paste the contents of the report located at C:\vundofix.txt, together with a new HijackThis report, into your next reply
Note: VundoFix may run into a file it cannot delete. If that happens, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
VundoFix report:
VundoFix V6.5.0
Checking Java version...
Java version is 1.4.2.1
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 19:11:06 11/06/2007
Listing files found while scanning....
C:\windows\system32\aitcdrqj.exe
C:\WINDOWS\system32\aricetbx.dll
C:\windows\system32\cqeeyxdn.dll
C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\dgjlm.bak2
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\dgjlm.ini2
C:\WINDOWS\system32\dgjlm.tmp
C:\WINDOWS\system32\fccddby.dll
C:\windows\system32\fwfcfhxn.exe
C:\WINDOWS\system32\geeby.dll
C:\WINDOWS\system32\hmwjdsnp.dll
C:\windows\system32\hvldgjau.exe
C:\windows\system32\icdjjonx.ini
C:\windows\system32\j7211635.dll
C:\WINDOWS\system32\jxxjttiu.dll
C:\WINDOWS\system32\ksfeqgqc.dll
C:\windows\system32\lvfbrdoi.dll
C:\windows\system32\mjlhhprc.dll
C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\qljdemhg.dll
C:\windows\system32\qouesvwy.dll
C:\WINDOWS\system32\reoptfaq.dll
C:\WINDOWS\system32\vcbyfqsw.dll
C:\windows\system32\xnojjdci.dll
C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.ini
Beginning removal...
Attempting to delete C:\windows\system32\aitcdrqj.exe
C:\windows\system32\aitcdrqj.exe Has been deleted!
Attempting to delete C:\windows\system32\cqeeyxdn.dll
C:\windows\system32\cqeeyxdn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\dgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dgjlm.bak2
C:\WINDOWS\system32\dgjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\dgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\dgjlm.ini2
C:\WINDOWS\system32\dgjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\dgjlm.tmp
C:\WINDOWS\system32\dgjlm.tmp Has been deleted!
Attempting to delete C:\windows\system32\fwfcfhxn.exe
C:\windows\system32\fwfcfhxn.exe Has been deleted!
Attempting to delete C:\windows\system32\hvldgjau.exe
C:\windows\system32\hvldgjau.exe Has been deleted!
Attempting to delete C:\windows\system32\icdjjonx.ini
C:\windows\system32\icdjjonx.ini Has been deleted!
Attempting to delete C:\windows\system32\j7211635.dll
C:\windows\system32\j7211635.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jxxjttiu.dll
C:\WINDOWS\system32\jxxjttiu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ksfeqgqc.dll
C:\WINDOWS\system32\ksfeqgqc.dll Has been deleted!
Attempting to delete C:\windows\system32\lvfbrdoi.dll
C:\windows\system32\lvfbrdoi.dll Has been deleted!
Attempting to delete C:\windows\system32\mjlhhprc.dll
C:\windows\system32\mjlhhprc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qljdemhg.dll
C:\WINDOWS\system32\qljdemhg.dll Has been deleted!
Attempting to delete C:\windows\system32\qouesvwy.dll
C:\windows\system32\qouesvwy.dll Has been deleted!
Attempting to delete C:\windows\system32\xnojjdci.dll
C:\windows\system32\xnojjdci.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ybeeg.bak1
C:\WINDOWS\system32\ybeeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ybeeg.bak2
C:\WINDOWS\system32\ybeeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini Has been deleted!
Performing Repairs to the registry.
Done!
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 19:21:25, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\tavaron\Bureau\mes document julien\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: (no name) - {3C0A21BB-E27C-4463-B325-694BB29238F2} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7307DA95-B922-4000-997C-B93747D29551} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\frxtqlnn.dll
O2 - BHO: (no name) - {A4CEB29F-CE87-4832-8A13-7124B81791C7} - C:\WINDOWS\system32\mjlhhprc.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\lvfbrdoi.dll (file missing)
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\Run: [REGWIN32] C:\pichx.exe
O4 - HKLM\..\Run: [REGMSYS] C:\klanp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
O4 - HKLM\..\Run: [AmokFastMoveLogo] C:\Documents and Settings\All Users\Application Data\That heart amok fast\1 bird.exe
O4 - HKLM\..\Run: [j7211635] rundll32 C:\WINDOWS\system32\j7211635.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\lokjcxli.dll",realset
O4 - HKLM\..\RunServices: [Windows Process Manager] winproc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Rcre] "C:\WINDOWS\system32\FNTS~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ihrcb] C:\Documents and Settings\tavaron\Application Data\s?mbols\w?crtupd.exe
O4 - HKCU\..\Run: [Once Scr] C:\DOCUME~1\tavaron\APPLIC~1\SEEKGL~1\showgram.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccddby - fccddby.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)
Re,
- Download combofix.exe (by sUBs) onto your Desktop.
- Double-click combofix.exe.
- Press the Y key (Yes) to start the scan.
- When the scan is complete, a report will appear. Copy/paste that report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
&
Download LopResearch.zip
Unzip it onto your Desktop only.
Double-click the Scan.bat file
A report will be generated; post its contents here.
&
Download Clean.zip (by Malekal),
Extract it onto your desktop (Right-click / Extract all); you should get a folder named Clean.
Open the clean folder and double-click clean.cmd.
Choose option 1 and wait. Then post the contents of the report.
Code:
ComboFix 07-06-11.3 - C:\Documents and Settings\tavaron\Bureau\ComboFix.exe
"tavaron" - 2007-06-11 19:25:33 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\lokjcxli.dll
C:\WINDOWS\system32\oioxyqom.dll
C:\WINDOWS\system32\ilxcjkol.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\nfo
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\vidmon
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\vidmon\vidmon.inf
C:\DOCUME~1\tavaron\APPLIC~1.\macromedia\Flash Player\#SharedObjects\YJ6756L9\www.broadcaster.com
C:\DOCUME~1\tavaron\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\tavaron\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\tavaron\APPLIC~1.\smbols~1
C:\lswmv.ini
C:\Program Files\dobe~1
C:\Program Files\Fichiers communs\{2B1B1~1
C:\Program Files\Fichiers communs\{2B1B1~2
C:\Program Files\Fichiers communs\{3B1B1~1
C:\Program Files\Fichiers communs\{3B1B1~2
C:\Program Files\Fichiers communs\{3B1B1~2\UnInstall.exe
C:\Program Files\Fichiers communs\Uninstall Information
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\ipwins
C:\Program Files\ipwins\Uninst.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ystem~1
C:\WINDOWS\hosts
C:\WINDOWS\smante~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\nfomon
C:\WINDOWS\system32\nfomon\License.txt
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\vidmon
C:\WINDOWS\system32\wnstssv.exe
C:\WINDOWS\system32\ystem3~1
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_WINDOWS_LOG
-------\Windows Log
((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))
2007-06-11 19:25 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-11 19:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-11 19:11 <REP> d-------- C:\VundoFix Backups
2007-06-11 18:13 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-11 18:13 <REP> d-------- C:\Program Files\Spyware Doctor
2007-06-07 19:56 55,316 --a------ C:\WINDOWS\system32\frxtqlnn.dll
2007-06-07 08:59 55,316 --a------ C:\WINDOWS\system32\gporqcfd.dll
2007-05-27 21:29 <REP> d-------- C:\Program Files\FileZilla
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-11 14:48:36 43,840 ----a-w C:\DOCUME~1\tavaron\APPLIC~1\wklnhst.dat
2007-06-09 10:21:39 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-09 10:01:05 -------- d-----w C:\Program Files\AviSynth 2.5
2007-06-07 07:45:51 -------- d-----w C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
2007-06-04 10:13:29 -------- d-----w C:\Program Files\eMule
2007-05-27 17:49:58 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-13 08:27:11 -------- d-----w C:\Program Files\Multi_Media_France
2007-05-13 08:27:11 -------- d-----w C:\Program Files\Common Files
2007-05-12 15:16:38 -------- d-----w C:\Program Files\Elaborate Bytes
2007-05-12 15:16:03 -------- d-----w C:\Program Files\SlySoft
2007-05-12 14:24:21 -------- d-----w C:\Program Files\MSN Games
2007-05-12 14:23:23 -------- d-----w C:\DOCUME~1\tavaron\APPLIC~1\PlayFirst
2007-05-04 15:30:55 -------- d-----w C:\DOCUME~1\tavaron\APPLIC~1\Lavasoft
2007-04-30 18:35:51 -------- d-----w C:\DOCUME~1\tavaron\APPLIC~1\dvdcss
2007-04-30 17:38:15 -------- d-----w C:\DOCUME~1\tavaron\APPLIC~1\TribalWeb
2007-04-30 17:37:37 -------- d-----w C:\Program Files\TribalWeb.net
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 13:59:33 -------- d-----w C:\Program Files\TomTom HOME
2007-04-16 13:58:40 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-16 13:58:16 -------- d-----w C:\DOCUME~1\tavaron\APPLIC~1\InstallShield
2007-04-08 15:55:51 224,326 ----a-w C:\WINDOWS\UNINPIL.EXE
2007-03-25 08:51:20 64,552 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-03-25 08:51:20 446,630 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7}=C:\WINDOWS\system32\csirod.dll []
{3C0A21BB-E27C-4463-B325-694BB29238F2}=C:\WINDOWS\system32\mljgd.dll []
{64F56FC1-1272-44CD-BA6E-39723696E350}=C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL []
{7307DA95-B922-4000-997C-B93747D29551}=C:\WINDOWS\system32\geeby.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-07 01:02]
{A4CEB29F-CE87-4832-8A13-7124B81791C7}=C:\WINDOWS\system32\mjlhhprc.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Process Manager"="winproc.exe" []
"REGWIN32"="C:\pichx.exe" []
"REGMSYS"="C:\klanp.exe" []
"SoundMan"="SOUNDMAN.EXE" [2003-09-23 10:09 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-11-29 15:21]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 19:49]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49]
"EoEngine"="C:\Program Files\eoRezo\EoEngine.exe" []
"EoRss"="" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 04:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AmokFastMoveLogo"="C:\Documents and Settings\All Users\Application Data\That heart amok fast\1 bird.exe" [2007-03-16 11:00]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" []
"Spyware Cleaner"="C:\Program Files\Spyware Cleaner\SpywareCleaner.exe" []
"NBJ"="C:\Program Files\ahead\Nero BackItUp\NBJ.exe" [2004-09-07 13:55]
"Rcre"="C:\WINDOWS\system32\FNTS~1\dexplore.exe" []
"Ihrcb"="C:\Documents and Settings\tavaron\Application Data\s?mbols\w?crtupd.exe" []
"Once Scr"="C:\DOCUME~1\tavaron\APPLIC~1\SEEKGL~1\showgram.exe" [2007-03-16 11:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Process Manager"=winproc.exe
"Microsoft Windows 64 Bit"=mswin32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddby]
fccddby.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeby]
C:\WINDOWS\system32\geeby.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL
Contents of the 'Scheduled Tasks' folder
2007-06-11 17:00:01 C:\WINDOWS\tasks\A8C3284A91B4DC1E.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-11 19:32:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-11 19:35:33 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-11 19:35
--- E O F ---
all I have left to do is run clean up
11/06/2007 a 19:46:01,76
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
C:\WINDOWS\system32\stera.job FOUND
C:\WINDOWS\system32\winocx.exe FOUND
"C:\Documents and Settings\tavaron\Application Data\WinAntivirus Pro 2006\" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\" FOUND
"C:\Program Files\mozilla firefox\components\npclntax.xpt" FOUND
"C:\Program Files\BitDownload" FOUND
"C:\Program Files\Montorgueil\" FOUND
"C:\Program Files\Montorgueil\" FOUND
"C:\Program Files\Multi_Media_France\" FOUND
"C:\Program Files\spyware cleaner\" FOUND
*** Fin du rapport !
LopResearch?
Message edited by Angeldark on 11-06-2007 at 20:13:46
is my report clean or do I have to continue!
lop report:
Rapport fait à 19:28:12.28 le 2007-06-11
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7888-133B
Répertoire de C:\Documents and Settings\All Users\Application Data
2007-04-16 16:00 <REP> TomTom
2007-03-16 11:00 <REP> That heart amok fast
2007-02-16 11:29 1755 QTSBandwidthCache
2007-01-30 16:01 <REP> nfo
2007-01-27 15:25 <REP> TEMP
2007-01-03 12:57 <REP> WinAntiVirus Pro 2006
2006-12-24 14:18 <REP> vidmon
2006-12-16 13:50 <REP> Macrovision
2006-11-22 12:03 <REP> Adobe
2006-11-18 18:35 <REP> SpinTop Games
2006-10-30 17:11 <REP> Apple Computer
2006-10-22 19:33 <REP> MumboJumbo
2006-09-03 19:43 <REP> HP
2006-09-03 19:29 820 hpzinstall.log
2006-07-08 16:18 <REP> Sandlot Games
2006-07-08 16:01 <REP> PlayFirst
2006-06-30 13:34 <REP> JollyBear
2006-06-30 13:14 <REP> Windows Genuine Advantage
2006-01-18 22:52 <REP> SC Test Branding 1
2006-01-08 17:25 <REP> BOONTY
2005-11-22 11:36 <REP> MSN6
2005-08-29 14:51 <REP> Symantec
2005-07-26 12:08 <REP> CyberLink
2005-07-26 11:52 62 desktop.ini
2005-07-26 11:51 <REP> Microsoft
2005-07-26 11:51 <REP> .
2005-07-26 11:51 <REP> ..
3 fichier(s) 2637 octets
24 Rép(s) 55332466688 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7888-133B
Répertoire de C:\Documents and Settings\Default User\Application Data
2005-07-26 12:15 <REP> InterTrust
2005-07-26 12:15 <REP> Adobe
2005-07-26 12:15 <REP> Identities
2005-07-26 12:15 <REP> Sun
2005-07-26 11:52 62 desktop.ini
2005-07-26 11:51 <REP> Microsoft
2005-07-26 11:51 <REP> ..
2005-07-26 11:51 <REP> .
1 fichier(s) 62 octets
7 Rép(s) 55332466688 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7888-133B
Répertoire de C:\Documents and Settings\Propriétaire
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7888-133B
Répertoire de C:\Documents and Settings\tavaron\Application Data
2007-04-30 19:37 <REP> TribalWeb
2007-04-16 15:58 <REP> InstallShield
2007-03-16 11:00 <REP> BitDownload
2007-03-16 11:00 <REP> Seek Global Ping
2007-01-15 11:45 <REP> dvdcss
2007-01-04 20:01 <REP> Lavasoft
2007-01-03 13:24 694 update.log
2007-01-03 12:57 <REP> WinAntiVirus Pro 2006
2006-12-16 11:31 <REP> s?mbols
2006-12-09 16:04 <REP> Shareaza
2006-11-24 23:41 <REP> Leadertech
2006-11-13 19:24 801 com.kaisakura.ipsp2.plist
2006-11-13 19:24 37 com.kaisakura.ipsp2user.plist
2006-10-30 17:13 <REP> Apple Computer
2006-09-22 19:11 <REP> EoRezo
2006-08-31 12:47 <REP> ATI
2006-08-23 13:57 <REP> MysteryStudio
2006-07-19 22:32 <REP> 7Wonders
2006-07-14 17:27 <REP> pixelStorm
2006-07-08 17:40 <REP> Magic Match
2006-07-08 16:01 <REP> PlayFirst
2006-07-08 14:15 <REP> Beep
2006-07-01 16:07 <REP> Alawar
2006-03-30 19:26 0 sversion.ini
2006-03-30 18:30 <REP> Ahead
2006-03-02 15:16 <REP> AdobeUM
2006-01-04 20:16 <REP> vlc
2006-01-04 19:27 0 dm.ini
2006-01-04 19:27 2115 AdobeDLM.log
2005-12-16 22:07 <REP> Help
2005-12-12 18:32 <REP> Microsoft Web Folders
2005-11-29 15:21 <REP> Real
2005-11-26 12:38 <REP> Thunderbird
2005-11-23 00:14 <REP> Google
2005-11-23 00:11 <REP> Macromedia
2005-11-22 12:02 <REP> Mozilla
2005-11-22 11:36 <REP> MSN6
2005-11-17 18:51 117064 GDIPFONTCACHEV1.DAT
2005-09-01 17:40 43840 wklnhst.dat
2005-08-29 14:51 <REP> Symantec
2005-07-26 12:16 62 desktop.ini
2005-07-26 12:16 <REP> Microsoft
2005-07-26 12:16 <REP> Sun
2005-07-26 12:16 <REP> Adobe
2005-07-26 12:16 <REP> InterTrust
2005-07-26 12:16 <REP> Identities
2005-07-26 12:16 <REP> ..
2005-07-26 12:16 <REP> .
9 fichier(s) 164613 octets
39 R‚p(s) 55332462592 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 7888-133B
R‚pertoire de C:\WINDOWS\Tasks
2007-03-16 11:00 278 A8C3284A91B4DC1E.job
2005-07-26 11:59 6 SA.DAT
2005-07-26 11:58 <REP> ..
2005-07-26 11:58 <REP> .
1980-01-01 01:00 65 desktop.ini
3 fichier(s) 349 octets
2 R‚p(s) 55,332,462,592 octets libres
******************************************
Recherche dans Program files
C:\Program Files\Bitdownload Présent !
C:\Program Files\Multi_Media_France Présent !
******************************************
Recherche d'infections connues
C:\WINDOWS\system32\csrss.exe Wareout possible ! faux-positif si csrss.exe !
*************** Fin du rapport ****************
Report made at 20:19:26.04 on 11/06/2007
Volume in drive C has no label.
Volume Serial Number is 7888-133B
Directory of C:\Documents and Settings\All Users\Application Data
16/04/2007 16:00 <DIR> TomTom
16/03/2007 11:00 <DIR> That heart amok fast
16/02/2007 11:29 1755 QTSBandwidthCache
27/01/2007 15:25 <DIR> TEMP
03/01/2007 12:57 <DIR> WinAntiVirus Pro 2006
16/12/2006 13:50 <DIR> Macrovision
22/11/2006 12:03 <DIR> Adobe
18/11/2006 18:35 <DIR> SpinTop Games
30/10/2006 17:11 <DIR> Apple Computer
22/10/2006 19:33 <DIR> MumboJumbo
03/09/2006 19:43 <DIR> HP
03/09/2006 19:29 820 hpzinstall.log
08/07/2006 16:18 <DIR> Sandlot Games
08/07/2006 16:01 <DIR> PlayFirst
30/06/2006 13:34 <DIR> JollyBear
30/06/2006 13:14 <DIR> Windows Genuine Advantage
18/01/2006 22:52 <DIR> SC Test Branding 1
08/01/2006 17:25 <DIR> BOONTY
22/11/2005 11:36 <DIR> MSN6
29/08/2005 14:51 <DIR> Symantec
26/07/2005 12:08 <DIR> CyberLink
26/07/2005 11:52 62 desktop.ini
26/07/2005 11:51 <DIR> Microsoft
26/07/2005 11:51 <DIR> .
26/07/2005 11:51 <DIR> ..
3 File(s) 2637 bytes
22 Dir(s) 57516433408 bytes free
Volume in drive C has no label.
Volume Serial Number is 7888-133B
Directory of C:\Documents and Settings\Default User\Application Data
26/07/2005 12:15 <DIR> InterTrust
26/07/2005 12:15 <DIR> Adobe
26/07/2005 12:15 <DIR> Identities
26/07/2005 12:15 <DIR> Sun
26/07/2005 11:52 62 desktop.ini
26/07/2005 11:51 <DIR> Microsoft
26/07/2005 11:51 <DIR> ..
26/07/2005 11:51 <DIR> .
1 File(s) 62 bytes
7 Dir(s) 57516433408 bytes free
Volume in drive C has no label.
Volume Serial Number is 7888-133B
Directory of C:\Documents and Settings\Propriétaire
Volume in drive C has no label.
Volume Serial Number is 7888-133B
Directory of C:\Documents and Settings\tavaron\Application Data
30/04/2007 19:37 <DIR> TribalWeb
16/04/2007 15:58 <DIR> InstallShield
16/03/2007 11:00 <DIR> BitDownload
16/03/2007 11:00 <DIR> Seek Global Ping
15/01/2007 11:45 <DIR> dvdcss
04/01/2007 20:01 <DIR> Lavasoft
03/01/2007 13:24 694 update.log
03/01/2007 12:57 <DIR> WinAntiVirus Pro 2006
09/12/2006 16:04 <DIR> Shareaza
24/11/2006 23:41 <DIR> Leadertech
13/11/2006 19:24 801 com.kaisakura.ipsp2.plist
13/11/2006 19:24 37 com.kaisakura.ipsp2user.plist
30/10/2006 17:13 <DIR> Apple Computer
22/09/2006 19:11 <DIR> EoRezo
31/08/2006 12:47 <DIR> ATI
23/08/2006 13:57 <DIR> MysteryStudio
19/07/2006 22:32 <DIR> 7Wonders
14/07/2006 17:27 <DIR> pixelStorm
08/07/2006 17:40 <DIR> Magic Match
08/07/2006 16:01 <DIR> PlayFirst
08/07/2006 14:15 <DIR> Beep
01/07/2006 16:07 <DIR> Alawar
30/03/2006 19:26 0 sversion.ini
30/03/2006 18:30 <DIR> Ahead
02/03/2006 15:16 <DIR> AdobeUM
04/01/2006 20:16 <DIR> vlc
04/01/2006 19:27 0 dm.ini
04/01/2006 19:27 2115 AdobeDLM.log
16/12/2005 22:07 <DIR> Help
12/12/2005 18:32 <DIR> Microsoft Web Folders
29/11/2005 15:21 <DIR> Real
26/11/2005 12:38 <DIR> Thunderbird
23/11/2005 00:14 <DIR> Google
23/11/2005 00:11 <DIR> Macromedia
22/11/2005 12:02 <DIR> Mozilla
22/11/2005 11:36 <DIR> MSN6
17/11/2005 18:51 117064 GDIPFONTCACHEV1.DAT
01/09/2005 17:40 43840 wklnhst.dat
29/08/2005 14:51 <DIR> Symantec
26/07/2005 12:16 62 desktop.ini
26/07/2005 12:16 <DIR> Microsoft
26/07/2005 12:16 <DIR> Sun
26/07/2005 12:16 <DIR> InterTrust
26/07/2005 12:16 <DIR> Adobe
26/07/2005 12:16 <DIR> ..
26/07/2005 12:16 <DIR> .
26/07/2005 12:16 <DIR> Identities
9 File(s) 164613 bytes
38 Dir(s) 57516429312 bytes free
******************************************
Searching scheduled tasks in C:\WINDOWS\tasks
Volume in drive C has no label.
Volume Serial Number is 7888-133B
Directory of C:\WINDOWS\Tasks
16/03/2007 11:00 278 A8C3284A91B4DC1E.job
26/07/2005 11:59 6 SA.DAT
26/07/2005 11:58 <DIR> ..
26/07/2005 11:58 <DIR> .
01/01/1980 01:00 65 desktop.ini
3 File(s) 349 bytes
2 Dir(s) 57,516,429,312 bytes free
******************************************
Searching Program Files
C:\Program Files\Bitdownload Present!
C:\Program Files\Multi_Media_France Present!
******************************************
Searching for known infections
C:\WINDOWS\system32\csrss.exe Possible Wareout! False positive if csrss.exe!
*************** End of report ****************
Does that mean anything to you?
Post a new HijackThis report.
Latest HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 20:33:52, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\tavaron\Bureau\mes document julien\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: (no name) - {3C0A21BB-E27C-4463-B325-694BB29238F2} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7307DA95-B922-4000-997C-B93747D29551} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A4CEB29F-CE87-4832-8A13-7124B81791C7} - C:\WINDOWS\system32\mjlhhprc.dll (file missing)
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\Run: [REGWIN32] C:\pichx.exe
O4 - HKLM\..\Run: [REGMSYS] C:\klanp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AmokFastMoveLogo] C:\Documents and Settings\All Users\Application Data\That heart amok fast\1 bird.exe
O4 - HKLM\..\RunServices: [Windows Process Manager] winproc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Rcre] "C:\WINDOWS\system32\FNTS~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ihrcb] C:\Documents and Settings\tavaron\Application Data\s?mbols\w?crtupd.exe
O4 - HKCU\..\Run: [Once Scr] C:\DOCUME~1\tavaron\APPLIC~1\SEEKGL~1\showgram.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fccddby - fccddby.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Do I need to keep doing something, or does it look good to you?
The clean.cmd report?
Here is the clean.cmd report:
11/06/2007 at 20:45:49.81
*** Searching for files in C:
*** Searching for files in C:\WINDOWS\
*** Searching for files in C:\WINDOWS\system32
C:\WINDOWS\system32\mcrh.tmp FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND
C:\WINDOWS\system32\stera.job FOUND
C:\WINDOWS\system32\winocx.exe FOUND
"C:\Documents and Settings\tavaron\Application Data\WinAntivirus Pro 2006\" FOUND
*** Searching for files in C:\Program Files
"C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006\" FOUND
"C:\Program Files\mozilla firefox\components\npclntax.xpt" FOUND
"C:\Program Files\BitDownload" FOUND
"C:\Program Files\Montorgueil\" FOUND
"C:\Program Files\Montorgueil\" FOUND
"C:\Program Files\Multi_Media_France\" FOUND
"C:\Program Files\spyware cleaner\" FOUND
*** End of report!
The clean report doesn't look too bad, does it? Or else I don't know how to read a report.
I don't know much about computers,
but frankly the answers are quick and precise, that's good!
Re,
Fix the lines in italics below with HijackThis: HELP WITH SCREENSHOTS
R3 - URLSearchHook: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: (no name) - {3C0A21BB-E27C-4463-B325-694BB29238F2} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: (no name) - {7307DA95-B922-4000-997C-B93747D29551} - C:\WINDOWS\system32\geeby.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A4CEB29F-CE87-4832-8A13-7124B81791C7} - C:\WINDOWS\system32\mjlhhprc.dll (file missing)
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\Run: [REGWIN32] C:\pichx.exe
O4 - HKLM\..\Run: [REGMSYS] C:\klanp.exe
O4 - HKLM\..\Run: [AmokFastMoveLogo] C:\Documents and Settings\All Users\Application Data\That heart amok fast\1 bird.exe
O4 - HKLM\..\RunServices: [Windows Process Manager] winproc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [Rcre] "C:\WINDOWS\system32\FNTS~1\dexplore.exe" -vt yazb
O4 - HKCU\..\Run: [Ihrcb] C:\Documents and Settings\tavaron\Application Data\s?mbols\w?crtupd.exe
O4 - HKCU\..\Run: [Once Scr] C:\DOCUME~1\tavaron\APPLIC~1\SEEKGL~1\showgram.exe
O20 - Winlogon Notify: fccddby - fccddby.dll (file missing)
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:
C:\Windows\System32\winproc.exe
C:\Windows\System32\mswin32.exe
C:\Program Files\Spyware Cleaner
C:\pichx.exe
C:\klanp.exe
C:\Documents and Settings\All Users\Application Data\That heart amok fast
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\All Users\Application Data\BOONTY
C:\Documents and Settings\tavaron\Application Data\BitDownload
C:\Documents and Settings\tavaron\Application Data\Seek Global Ping
C:\Documents and Settings\tavaron\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\tavaron\Application Data\s?mbols
C:\WINDOWS\Tasks\A8C3284A91B4DC1E.job
C:\Program Files\Bitdownload
C:\Program Files\Multi_Media_France
C:\WINDOWS\system32\frxtqlnn.dll
C:\WINDOWS\system32\gporqcfd.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\SpoonUninstall.exe
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\winocx.exe
C:\Program Files\Montorgueil
---> Right-click then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane and choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be removed immediately, the program will ask you to reboot.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_heure.log
Information about the program
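The fix list in the reply above is the helper's triage done by eye. The following Python is an added example, not part of the thread and not HijackThis code: it encodes the same reasoning as rules and runs them over lines taken from the log posted above. It goes a little beyond this one log by covering the general patterns rather than the specific file names: R3/O2/O20 entries that point at a file that no longer exists, anything in the Win9x-era RunServices key, paths containing a look-alike character that HijackThis prints as `?`, executables dropped in the root of the drive, and services with no owner whose binary is gone. The "verify" verdict, the rule set itself and the note that HijackThis 1.99.1 mis-reports quoted service paths followed by arguments (the avast! lines) are this example's assumptions, not output of the tool.

```python
"""Triage a HijackThis 1.99.1 log: flag the entry kinds a helper would fix.

Added example, not part of the forum thread or of HijackThis itself.
The sample lines are copied from the log posted above; the rules and
verdicts ('fix', 'verify', 'ok') are assumptions made for this demo.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {2BA868A8-DA4F-849C-6FF7-82AD0B0BB4C7} - C:\WINDOWS\system32\csirod.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\Run: [REGWIN32] C:\pichx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKCU\..\Run: [Ihrcb] C:\Documents and Settings\tavaron\Application Data\s?mbols\w?crtupd.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
""".strip()

# HijackThis marks a registry reference whose target is gone this way.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")
# O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: Display name - Owner - path
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def triage_line(line):
    """Return (verdict, reason) for one HijackThis line."""
    line = line.rstrip()
    section = line.split(" ", 1)[0]
    if section in ("R3", "O2", "O20") and ORPHAN.search(line):
        return "fix", "registry entry points at a file that no longer exists"
    if section == "O4":
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").strip('"')
            if m.group("key") == "RunServices":
                return "fix", "RunServices is a Win9x key; on XP it is almost only used by malware"
            if "?" in cmd:
                return "fix", "non-ASCII look-alike character in the path (shown as '?')"
            if re.match(r"^[A-Za-z]:\\[^\\]+\.exe$", cmd):
                return "fix", "executable dropped in the root of the drive"
            if "\\" not in cmd:
                return "verify", "bare file name, resolved via the search path; confirm where it really lives"
    if section == "O23":
        m = O23_RE.match(line)
        if m and ORPHAN.search(m.group("path")):
            if '"' in m.group("path"):
                return "verify", "quoted path with arguments is mis-parsed by HijackThis 1.99.1; likely a false positive"
            if m.group("owner") == "Unknown owner":
                return "fix", "service with no publisher whose binary is gone"
    return "ok", ""


def triage(log):
    """Return [(verdict, reason, line)] for every line that is not 'ok'."""
    out = []
    for line in log.splitlines():
        verdict, reason = triage_line(line)
        if verdict != "ok":
            out.append((verdict, reason, line))
    return out


if __name__ == "__main__":
    for verdict, reason, line in triage(SAMPLE_LOG):
        print(f"[{verdict:6}] {reason}\n         {line}")
```

Entries like `SOUNDMAN.EXE` show why a bare file name alone is not a verdict: it is legitimate here because the binary sits in `C:\WINDOWS`, while `winproc.exe` with the same shape was malware; the only way to tell is to check where the file actually is, which is what "verify" asks for.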
Here is the latest report:
File/Folder not found.
File/Folder C:\Windows\System32\winproc.exe not found.
File/Folder C:\Windows\System32\mswin32.exe not found.
C:\Program Files\Spyware Cleaner\Quarantine moved successfully.
C:\Program Files\Spyware Cleaner\Backup moved successfully.
C:\Program Files\Spyware Cleaner moved successfully.
File/Folder C:\pichx.exe not found.
File/Folder C:\klanp.exe not found.
Folder cleanup failed. C:\Documents and Settings\All Users\Application Data\That heart amok fast scheduled to be deleted on reboot.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY\Licenses moved successfully.
C:\Documents and Settings\All Users\Application Data\BOONTY moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload\Data\TmpDir moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload\Data\LgDir moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload\Data\DataDir moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload\Data\BackUp\LgDir moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload\Data\BackUp\DataDir moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload\Data\BackUp moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload\Data moved successfully.
C:\Documents and Settings\tavaron\Application Data\BitDownload moved successfully.
C:\Documents and Settings\tavaron\Application Data\Seek Global Ping moved successfully.
C:\Documents and Settings\tavaron\Application Data\WinAntiVirus Pro 2006\Logs moved successfully.
C:\Documents and Settings\tavaron\Application Data\WinAntiVirus Pro 2006 moved successfully.
File/Folder C:\Documents and Settings\tavaron\Application Data\s?mbols not found.
C:\WINDOWS\Tasks\A8C3284A91B4DC1E.job moved successfully.
C:\Program Files\Bitdownload\ZM moved successfully.
C:\Program Files\Bitdownload moved successfully.
C:\Program Files\Multi_Media_France moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\frxtqlnn.dll
C:\WINDOWS\system32\frxtqlnn.dll NOT unregistered.
C:\WINDOWS\system32\frxtqlnn.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\gporqcfd.dll
C:\WINDOWS\system32\gporqcfd.dll NOT unregistered.
C:\WINDOWS\system32\gporqcfd.dll moved successfully.
C:\WINDOWS\system32\mcrh.tmp moved successfully.
C:\WINDOWS\system32\SpoonUninstall.exe moved successfully.
C:\WINDOWS\system32\stera.job moved successfully.
C:\WINDOWS\system32\winocx.exe moved successfully.
C:\Program Files\Montorgueil\LiveShow6 moved successfully.
C:\Program Files\Montorgueil moved successfully.
Created on 06/11/2007 21:16:36
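The OTMoveIt step above moves the listed paths into a quarantine tree instead of deleting them and logs one outcome per path, which is what the report just posted shows. The following Python is an added example, not OTMoveIt's code and not part of the thread: it reproduces that behaviour on a throwaway directory so the three outcomes ("moved successfully", "not found", and the fallback for a path that cannot be moved right now) can be seen end to end. The sample tree, the file names and the quarantine root are constructed for the demo.

```python
"""Quarantine suspect files and folders and write an OTMoveIt-style log.

Added example, not OTMoveIt's code and not part of the forum thread. It
mirrors the procedure above: move (never delete) each listed path into a
quarantine tree that preserves the original layout, and record
'moved successfully' / 'not found' / 'scheduled to be deleted on reboot'
for each one. The sample tree and paths below are constructed.
"""
import os
import shutil
import tempfile
import time


def quarantine(paths, quarantine_root):
    """Move every path under quarantine_root; return the report lines.

    Keeping the originals (renamed into the quarantine tree) is what makes
    a false positive recoverable; outright deletion would not be.
    """
    report = []
    for path in paths:
        if not os.path.lexists(path):
            report.append(f"File/Folder {path} not found.")
            continue
        drive, rest = os.path.splitdrive(os.path.abspath(path))
        dest = os.path.join(quarantine_root, drive.rstrip(":"), rest.lstrip("\\/"))
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        try:
            shutil.move(path, dest)
            report.append(f"{path} moved successfully.")
        except OSError:
            # A file that is open, or a DLL still loaded, cannot be moved now.
            # On Windows the usual fallback is MoveFileEx with
            # MOVEFILE_DELAY_UNTIL_REBOOT; this demo only records the outcome.
            report.append(f"Folder cleanup failed. {path} scheduled to be deleted on reboot.")
    os.makedirs(quarantine_root, exist_ok=True)
    log_name = time.strftime("%m%d%Y_%H%M%S") + ".log"  # date_time.log, as OTMoveIt names it
    with open(os.path.join(quarantine_root, log_name), "w", encoding="utf-8") as fh:
        fh.write("\n".join(report) + "\n")
    return report


def demo():
    """Build a throwaway tree, quarantine part of it, return (report, files).

    'files' is the sorted list of file names that ended up in quarantine.
    """
    base = tempfile.mkdtemp(prefix="hjt-demo-")
    bad_dir = os.path.join(base, "Program Files", "Bitdownload")
    os.makedirs(bad_dir)
    with open(os.path.join(bad_dir, "bitdownload.exe"), "wb") as fh:
        fh.write(b"MZ constructed sample, not a real binary")
    bad_file = os.path.join(base, "pichx.exe")
    open(bad_file, "wb").close()
    missing = os.path.join(base, "klanp.exe")  # never created: exercises 'not found'
    qroot = os.path.join(base, "_Quarantine", "MovedFiles")
    try:
        report = quarantine([bad_dir, bad_file, missing], qroot)
        files = sorted(f for _, _, names in os.walk(qroot) for f in names
                       if not f.endswith(".log"))
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return report, files


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The "not found" lines in the posted report (winproc.exe, mswin32.exe, pichx.exe, klanp.exe) are the expected result when an earlier step has already removed the file but its registry entry was listed anyway; they are not an error of the tool.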
Post a new HijackThis report.
Here is the latest HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 21:33:29, on 11/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\tavaron\Bureau\mes document julien\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\eoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Is your PC behaving better?
- Run a Kaspersky online scan with Internet Explorer:
- Click on
- Now click on I accept.
- Approve the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose the scan of My Computer
- Save and then paste the report generated at the end of the scan.
HELP: Tutorial on the online scan
NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
Hi Angeldark,
Here I am again. Yesterday I gave up, I'd had enough, but I still installed Kaspersky Anti-Virus on my PC.
It's a version that lasts 1 month; we'll see what it gives.
And it found 5345 infected files, so I did something like "treat the viruses", and now I'm running another scan to see if it finds any more.
Do you see anything else to do?
It has just found 6 more; for now I'm only at 20% of my scan.
They are trojans of the type:
win32.Obfuscated.en
win32.BHO.o
