Impossible d'utiliser Google!!! Help [Résolu]
Forum Sécurité - Virus : Impossible d'utiliser Google!!! Help [Résolu]
Bonjour,
Voici mon problème, je ne peux plus utiliser google ou meme yahoo, car a chaque fois que je fais une recherche, je suis redirigez vers d'autre site merdique..
Mais le plus souvent c'est marqué search-daily ou encore un truck genre Bankregister
Enfin que des truc inutile et je peux plus faire de recherche..
Je vous ai posté le rapport HiJackThis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:26:31, on 02.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nssB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 212.247.152.6 193.12.150.6
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 7615 bytes
Merci de votre aide..
Message édité par menoud le 05-01-2008 à 13:52:31
Bonjour,
Désactive tes protections résidentes (antivirus, Spybot...) !
- Télécharge Combofix (sUBs) sur ton Bureau.
- Double clique sur combofix.exe afin de le lancer.
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.
Message édité par Angeldark le 02-01-2008 à 18:28:37
Répondre à Angeldark
Voici le rapport, c'est qqch d'assez long! Faut etre expert pour comprendre qqch lol!
Mais merci bcp c'est super sympa..
ComboFix 08-01-02.1 - Stephane 2008-01-02 18:36:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.577 [GMT 1:00]
Running from: C:\Documents and Settings\Stephane\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Michel\Bureau\movieland terms.lnk
C:\Documents and Settings\Michel\Bureau\movieland.url
C:\Program Files\knoxgfmh
C:\Program Files\knoxgfmh\khqvozyn.dll
C:\Program Files\mediapipe
C:\Program Files\mediapipe\Agent.dll
C:\Program Files\mediapipe\api.exe
C:\Program Files\mediapipe\install.log
C:\Program Files\mediapipe\MediaPipe.ini
C:\Program Files\mediapipe\p2pinst.exe
C:\Program Files\mediapipe\p2pl.exe
C:\WINDOWS\system32\nssB.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-02 to 2008-01-02 ))))))))))))))))))))))))))))))))))))
.
2008-01-02 18:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 18:02 . 2007-12-31 18:02 <REP> d-------- C:\Program Files\AxBx
2007-12-27 20:05 . 2007-12-27 20:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-27 19:55 . 2007-12-27 19:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-27 19:54 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-27 19:47 . 2007-12-27 19:47 <REP> d----c--- C:\VundoFix Backups
2007-12-27 18:03 . 19,456 C:\WINDOWS\system32\drivers\pzikyexx.dat
2007-12-27 18:01 . 2007-12-27 18:01 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-27 18:01 . 2003-04-24 13:00 84,992 --a------ C:\WINDOWS\system32\avmete.dll
2007-12-27 18:01 . 2007-12-27 21:11 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-27 18:01 . 2007-12-27 18:10 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-27 18:01 . 2007-12-27 18:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-27 14:58 . 2007-12-27 15:00 16,826 --ah----- C:\WINDOWS\system32\brdiag.GID
2007-12-27 14:53 . 2007-12-27 14:54 <REP> d-------- C:\Program Files\Brother
2007-12-27 14:29 . 2007-12-27 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:29 . 2007-12-27 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-24 14:07 . 2007-12-24 14:07 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-17 12:51 . 2000-09-14 01:00 77,824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
2007-12-17 12:51 . 2002-09-19 00:00 73,728 --a------ C:\WINDOWS\system32\brrbtool.exe
2007-12-17 12:51 . 2007-12-27 14:55 13,109 --a------ C:\WINDOWS\HL-1430.INI
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-10 22:27 . 2007-12-10 22:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-05 17:32 . 2007-12-05 17:32 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2007-12-05 17:26 . 2007-12-27 14:55 <REP> d-------- C:\Program Files\Brownie
2007-12-05 17:25 . 2007-12-05 17:25 <REP> d-------- C:\Documents and Settings\Stephane\WINDOWS
2007-12-05 17:25 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-05 17:14 . 2003-07-31 02:05 642,944 --------- C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-12-05 17:14 . 2003-07-31 19:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2007-12-05 17:14 . 2002-08-05 22:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2007-12-05 17:14 . 2001-10-02 22:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2007-12-05 17:14 . 2003-11-02 15:54 108,675 --------- C:\WINDOWS\system32\drivers\CnxTgN.sys
2007-12-05 17:14 . 2003-07-31 02:05 60,288 --------- C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-12-04 23:03 . 2007-12-04 23:03 <REP> d-------- C:\Program Files\EA GAMES
2007-12-04 22:31 . 2007-12-04 22:31 <REP> dr-h-c--- C:\MSOCache
2007-12-03 20:17 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-03 20:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-03 20:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-03 20:17 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-03 20:17 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-03 20:17 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-03 20:17 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-03 20:17 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-03 20:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-03 20:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-03 18:37 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage réseau
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage d'impression
2007-12-03 17:58 . 2007-12-02 10:42 <REP> d--h----- C:\Documents and Settings\Michel\Modèles
2007-12-03 17:58 . 2007-12-13 17:49 <REP> dr------- C:\Documents and Settings\Michel\Mes documents
2007-12-03 17:58 . 2007-12-10 20:22 <REP> dr------- C:\Documents and Settings\Michel\Menu Démarrer
2007-12-03 17:58 . 2007-12-13 21:20 <REP> dr------- C:\Documents and Settings\Michel\Favoris
2007-12-03 17:58 . 2008-01-02 18:40 <REP> d-------- C:\Documents and Settings\Michel\Bureau
2007-12-03 17:45 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-03 17:45 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-03 17:45 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-02 23:36 . 2007-12-02 23:36 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer
2007-12-02 21:49 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-02 21:47 . 2004-08-19 16:09 452,096 --a------ C:\WINDOWS\system32\fxsapi.dll
2007-12-02 21:47 . 2004-08-19 16:09 452,096 --a--c--- C:\WINDOWS\system32\dllcache\fxsapi.dll
2007-12-02 21:47 . 2004-08-19 16:09 143,360 --a------ C:\WINDOWS\system32\fxsclnt.exe
2007-12-02 21:47 . 2004-08-19 16:09 143,360 --a--c--- C:\WINDOWS\system32\dllcache\fxsclnt.exe
2007-12-02 21:47 . 2004-08-19 16:09 72,192 --a------ C:\WINDOWS\system32\fxscom.dll
2007-12-02 21:47 . 2004-08-19 16:09 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fxscom.dll
2007-12-02 21:43 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002090_.tmp
2007-12-02 21:37 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-12-02 21:37 . 2006-05-05 10:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2007-12-02 21:36 . 2006-08-14 11:34 332,928 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2007-12-02 21:34 . 2003-06-16 10:05 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-12-02 21:33 . 2006-05-19 14:23 112,128 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-12-02 21:33 . 2006-05-19 14:23 95,744 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-12-02 21:32 . 2006-08-25 16:51 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2007-12-02 21:31 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-12-02 21:02 . 2006-02-08 09:44 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2007-12-02 21:02 . 2006-06-07 10:07 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-12-02 21:02 . 2006-06-01 06:28 129,112 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-12-02 21:02 . 2005-10-14 03:10 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
2007-12-02 21:02 . 2006-06-07 10:28 29,008 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-12-02 21:02 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-02 21:02 . 2006-05-31 14:34 6,126 -ra------ C:\WINDOWS\system32\atifglpf.xml
2007-12-02 21:02 . 2006-02-08 09:44 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2007-12-02 20:57 . 2007-12-02 20:57 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-02 20:53 . 2007-12-31 15:48 49 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-02 20:51 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-02 20:51 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-02 20:51 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-02 20:51 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-02 20:51 . 2004-08-03 14:00 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-02 20:51 . 2004-08-03 13:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-02 20:51 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-02 20:41 . 2007-12-02 20:41 <REP> d-------- C:\Documents and Settings\Monique\Application Data\Ahead
2007-12-02 20:35 . 2007-12-02 20:35 <REP> d-------- C:\Documents and Settings\Monique\Incomplete
2007-12-02 20:35 . 2007-12-05 19:03 <REP> d-------- C:\Documents and Settings\Monique\Application Data\LimeWire
2007-12-02 20:33 . 2007-12-02 20:33 <REP> d-------- C:\Documents and Settings\Stephane\Incomplete
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 18:26 --------- d-----w C:\Program Files\Tearoetn
2007-12-10 21:29 --------- d-----w C:\Program Files\QuickTime
2007-12-05 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 19:31 --------- d-----w C:\Program Files\Ahead
2007-12-02 19:29 --------- d-----w C:\Program Files\Java
2007-12-01 14:14 --------- d-----w C:\Program Files\PowerArchiver
2007-12-01 13:45 --------- d-----w C:\Program Files\Vstep
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-02-25 21:04 19,864 ----a-w C:\Documents and Settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-24 14:07 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2152777C-6D86-491D-A4F8-31B62DC3A483}]
2003-04-24 13:00 84992 --a------ C:\WINDOWS\system32\avmete.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"CnxDslTaskBar"="C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 19:06 458752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 22:28 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-27 19:55 6731312]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23 2618240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
R0 wkhzyzbh;wkhzyzbh;C:\WINDOWS\system32\drivers\pzikyexx.dat []
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 02:05]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 02:05]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 15:54]
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 18:40:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-02 18:41:19
ComboFix-quarantined-files.txt 2008-01-02 17:40:57
.
2007-12-12 13:17:28 --- E O F ---
Re,
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Répondre à Angeldark
Re,
Alors voici mon rapprt de antivir:
AntiVir PersonalEdition Classic
Report file date: jeudi 3 janvier 2008 15:39
Scanning for 999937 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MENOUD
Version information:
BUILD.DAT : 270 15603 Bytes 19.09.2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.08.2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.08.2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14.08.2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21.08.2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14.12.2007 14:37:26
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28.12.2007 14:37:26
ANTIVIR3.VDF : 7.0.1.190 81920 Bytes 03.01.2008 14:37:26
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 03.01.2008 14:37:27
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18.07.2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 03.01.2008 14:37:27
AVREG.DLL : 7.0.1.6 30760 Bytes 18.07.2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28.08.2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.07.2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07.08.2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.08.2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.07.2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 3 janvier 2008 15:39
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'VirusKeeper.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'BRSS01A.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BRSVC01A.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '19' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Stephane\Application Data\Sun\Java\Deployment\cache\6.0\32\50c2ce60-3e23df66
[0] Archive type: ZIP
--> BnnnnBaa.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
--> VaannnaaBaa.class
[DETECTION] Is the Trojan horse TR/ClassLoader
[INFO] The file was moved to '47dff62a.qua'!
C:\Documents and Settings\Stephane\Mes documents\Incomplete\T-158449152-fifa 2005 full game.zip
[0] Archive type: ZIP SFX (self extracting)
--> fifa.ace
[1] Archive type: ACE
--> data\feart\campaign\campaign.abg
[WARNING] Error creating the file
--> data\feart\common\common.abg
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\QooBox\Quarantine\C\Program Files\knoxgfmh\khqvozyn.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ee04bc.qua'!
C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP57\A0011947.dll
[DETECTION] Is the Trojan horse TR/Spy.Agent.208896
[INFO] The file was moved to '47ad04a9.qua'!
C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP58\A0011969.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47ad04ac.qua'!
C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP64\A0012190.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47ad04da.qua'!
C:\WINDOWS\system32\avmete.dll
[DETECTION] Is the Trojan horse TR/BHO.agz.33
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
Begin scan in 'D:\'
End of the scan: jeudi 3 janvier 2008 17:08
Used time: 1:29:02 min
The scan has been done completely.
6000 Scanning directories
432682 Files were scanned
6 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
432676 Files not concerned
1919 Archives were scanned
5 Warnings
8 Notes
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:28:56, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ucqimxgwza] c:\windows\system32\ucqimxgwza.exe ucqimxgwza (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ibsagypmf] c:\windows\system32\ibsagypmf.exe ibsagypmf (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [zypxuiqa] c:\windows\system32\zypxuiqa.exe zypxuiqa (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ntslce] c:\windows\system32\ntslce.exe ntslce (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [yxdelcfatm] c:\windows\system32\yxdelcfatm.exe yxdelcfatm (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [djzbmhrqf] c:\windows\system32\djzbmhrqf.exe djzbmhrqf (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\RunServices: [virtual-machine] wini.exe (User 'Michel')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 8999 bytes
Re,
Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)
Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2, 3 et 4 sans notre accord !
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :
-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse
NOTE : Le rapport se trouve également ici : C:\fixnavi.txt
Répondre à Angeldark
Voici le rapport!
Search Navipromo version 3.3.8 commencé le 03.01.2008 à 20:54:47.82
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Stephane\application data" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Stephane\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Stephane\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le 03.01.2008 à 21:04:31.46 ***
Tu peux utiliser la dernière version d'Hijackthis ?
Répondre à Angeldark
Voila, je viens de la telecharger!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:48, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search [...] _id=157986
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ucqimxgwza] c:\windows\system32\ucqimxgwza.exe ucqimxgwza (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ibsagypmf] c:\windows\system32\ibsagypmf.exe ibsagypmf (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [zypxuiqa] c:\windows\system32\zypxuiqa.exe zypxuiqa (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ntslce] c:\windows\system32\ntslce.exe ntslce (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [yxdelcfatm] c:\windows\system32\yxdelcfatm.exe yxdelcfatm (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [djzbmhrqf] c:\windows\system32\djzbmhrqf.exe djzbmhrqf (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\RunServices: [virtual-machine] wini.exe (User 'Michel')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 7587 bytes
Re,
Fix les lignes dans le cadre ci-dessous avec Hijackthis : AIDE EN IMAGES
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
|
Supprime :
C:\WINDOWS\system32\dcads_sidebar.dll
Répondre à Angeldark
Je pense que j'ai réussi ce que tu m'as demandé!
Cependant, je ne suis pas parvenu a supprimer manuellement le fichier
C:\WINDOWS\system32\dcads_sidebar.dll
simplement pcq il n'existe plus! ou du moins introuvable dans le systeme mais apres le travail fait avec HiJackThis!
Par contre, il y a encore ces deux fichier qui ressemble:
C:\WINDOWS\system32\dcads_sidebar_uninstall
C:\WINDOWS\system32\dcads-remove
Bon j'y ai pas toucher par précaution..
Et re-voisi un rapport! encore merci pour tout, tu est en train de me sauver!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:01, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search [...] _id=157986
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 6171 bytes
Supprime les deux fichier puis fix cette ligne :
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
Répondre à Angeldark
C'est bizarre le fichier que tu m'as demander de supprimer du rapport HiJackThis revient a chaque fois...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:17, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 6 pour HiJackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search [...] _id=157986
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 6114 bytes
Tu as essayé en sans échec ?
Répondre à Angeldark
je viens de le faire.. meme en sans échec il revient.. ou plutot ne s'efface pas..
Pcq la procédure marche très bien mais dès que je fais un scan juste après et bien il est a nouveau la..
Est-il très important comme fichier?
Ok, refais un scan Combofix.
Répondre à Angeldark
ComboFix 08-01-02.1 - Stephane 2008-01-03 23:01:14.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.686 [GMT 1:00]
Running from: C:\Documents and Settings\Stephane\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 20:53 . 2008-01-03 21:05 <REP> d-------- C:\Program Files\Navilog1
2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Program Files\Avira
2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2007-12-31 18:02 . 2007-12-31 18:02 <REP> d-------- C:\Program Files\AxBx
2007-12-27 20:05 . 2007-12-27 20:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-27 19:55 . 2007-12-27 19:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-27 19:54 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-27 19:47 . 2007-12-27 19:47 <REP> d----c--- C:\VundoFix Backups
2007-12-27 18:03 . 19,456 C:\WINDOWS\system32\drivers\pzikyexx.dat
2007-12-27 18:01 . 2007-12-27 18:01 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-27 18:01 . 2007-12-27 18:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-27 14:58 . 2007-12-27 15:00 16,826 --ah----- C:\WINDOWS\system32\brdiag.GID
2007-12-27 14:53 . 2007-12-27 14:54 <REP> d-------- C:\Program Files\Brother
2007-12-27 14:29 . 2007-12-27 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:29 . 2007-12-27 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 12:51 . 2000-09-14 01:00 77,824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
2007-12-17 12:51 . 2002-09-19 00:00 73,728 --a------ C:\WINDOWS\system32\brrbtool.exe
2007-12-17 12:51 . 2007-12-27 14:55 13,109 --a------ C:\WINDOWS\HL-1430.INI
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-10 22:27 . 2007-12-10 22:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-05 17:32 . 2007-12-05 17:32 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2007-12-05 17:26 . 2007-12-27 14:55 <REP> d-------- C:\Program Files\Brownie
2007-12-05 17:25 . 2007-12-05 17:25 <REP> d-------- C:\Documents and Settings\Stephane\WINDOWS
2007-12-05 17:25 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-05 17:14 . 2003-07-31 02:05 642,944 --------- C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-12-05 17:14 . 2003-07-31 19:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2007-12-05 17:14 . 2002-08-05 22:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2007-12-05 17:14 . 2001-10-02 22:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2007-12-05 17:14 . 2003-11-02 15:54 108,675 --------- C:\WINDOWS\system32\drivers\CnxTgN.sys
2007-12-05 17:14 . 2003-07-31 02:05 60,288 --------- C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-12-04 23:03 . 2007-12-04 23:03 <REP> d-------- C:\Program Files\EA GAMES
2007-12-04 22:31 . 2007-12-04 22:31 <REP> dr-h-c--- C:\MSOCache
2007-12-03 20:17 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-03 20:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-03 20:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-03 20:17 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-03 20:17 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-03 20:17 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-03 20:17 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-03 20:17 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-03 20:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-03 20:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-03 18:37 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage réseau
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage d'impression
2007-12-03 17:58 . 2007-12-02 10:42 <REP> d--h----- C:\Documents and Settings\Michel\Modèles
2007-12-03 17:58 . 2007-12-13 17:49 <REP> dr------- C:\Documents and Settings\Michel\Mes documents
2007-12-03 17:58 . 2007-12-10 20:22 <REP> dr------- C:\Documents and Settings\Michel\Menu Démarrer
2007-12-03 17:58 . 2007-12-13 21:20 <REP> dr------- C:\Documents and Settings\Michel\Favoris
2007-12-03 17:58 . 2008-01-02 18:40 <REP> d-------- C:\Documents and Settings\Michel\Bureau
2007-12-03 17:45 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-03 17:45 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-03 17:45 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 18:26 --------- d-----w C:\Program Files\Tearoetn
2007-12-27 16:30 --------- d-----w C:\Documents and Settings\Stephane\Application Data\LimeWire
2007-12-10 21:29 --------- d-----w C:\Program Files\QuickTime
2007-12-05 18:03 --------- d-----w C:\Documents and Settings\Monique\Application Data\LimeWire
2007-12-05 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-02 19:41 --------- d-----w C:\Documents and Settings\Monique\Application Data\Ahead
2007-12-02 19:31 --------- d-----w C:\Program Files\Ahead
2007-12-02 19:29 --------- d-----w C:\Program Files\Java
2007-12-01 14:14 --------- d-----w C:\Program Files\PowerArchiver
2007-12-01 13:45 --------- d-----w C:\Program Files\Vstep
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-02-25 21:04 19,864 ----a-w C:\Documents and Settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-01-02_18.40.41.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-27 14:15:14 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-01-02 18:51:47 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-12-27 14:15:14 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-01-02 18:51:48 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-12-27 14:15:14 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-01-02 18:51:48 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-12-27 14:15:14 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-01-02 18:51:47 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-12-27 14:15:14 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-01-02 18:51:48 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-12-27 14:15:14 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-01-02 18:51:48 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-12-27 14:15:14 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-01-02 18:51:49 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-12-27 14:15:14 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-01-02 18:51:49 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-12-27 14:15:14 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-01-02 18:51:47 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-12-27 14:15:14 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-01-02 18:51:47 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-12-27 14:15:14 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-01-02 18:51:49 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-12-27 14:15:14 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-01-02 18:51:47 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-12-27 14:15:13 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-01-02 18:51:46 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-01-03 14:24:58 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-01-03 14:37:27 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2152777C-6D86-491D-A4F8-31B62DC3A483}]
C:\WINDOWS\system32\avmete.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CnxDslTaskBar"="C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 19:06 458752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 22:28 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-27 19:55 6731312]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23 2618240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
R0 wkhzyzbh;wkhzyzbh;C:\WINDOWS\system32\drivers\pzikyexx.dat []
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 02:05]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 02:05]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 15:54]
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 23:04:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 23:05:18
ComboFix-quarantined-files.txt 2008-01-03 22:05:02
ComboFix2.txt 2008-01-02 17:41:20
.
2007-12-12 13:17:28 --- E O F ---
Re,
Désactive tes protections résidentes (antivirus...) !
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :
Driver::
|
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.
Répondre à Angeldark
alors la, je suis bluffé.. je comprend pas tout je doit dire mais je crois qu'il est parti..
HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:56, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\Stephane\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
--
End of file - 5233 bytes
Combofix:
ComboFix 08-01-02.1 - Stephane 2008-01-03 23:11:42.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.650 [GMT 1:00]
Running from: C:\Documents and Settings\Stephane\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stephane\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\avmete.dll
C:\WINDOWS\system32\drivers\pzikyexx.dat
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\pzikyexx.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_WKHZYZBH
-------\wkhzyzbh
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))))))
.
2008-01-03 23:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-03 20:53 . 2008-01-03 21:05 <REP> d-------- C:\Program Files\Navilog1
2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Program Files\Avira
2008-01-03 15:35 . 2008-01-03 15:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2007-12-31 18:02 . 2007-12-31 18:02 <REP> d-------- C:\Program Files\AxBx
2007-12-27 20:05 . 2007-12-27 20:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-27 19:55 . 2007-12-27 19:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-27 19:54 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-27 19:47 . 2007-12-27 19:47 <REP> d----c--- C:\VundoFix Backups
2007-12-27 18:01 . 2007-12-27 18:01 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-27 18:01 . 2007-12-27 18:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-27 14:58 . 2007-12-27 15:00 16,826 --ah----- C:\WINDOWS\system32\brdiag.GID
2007-12-27 14:53 . 2007-12-27 14:54 <REP> d-------- C:\Program Files\Brother
2007-12-27 14:29 . 2007-12-27 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:29 . 2007-12-27 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 12:51 . 2000-09-14 01:00 77,824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
2007-12-17 12:51 . 2002-09-19 00:00 73,728 --a------ C:\WINDOWS\system32\brrbtool.exe
2007-12-17 12:51 . 2007-12-27 14:55 13,109 --a------ C:\WINDOWS\HL-1430.INI
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-10 22:27 . 2007-12-10 22:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-05 17:32 . 2007-12-05 17:32 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2007-12-05 17:26 . 2007-12-27 14:55 <REP> d-------- C:\Program Files\Brownie
2007-12-05 17:25 . 2007-12-05 17:25 <REP> d-------- C:\Documents and Settings\Stephane\WINDOWS
2007-12-05 17:25 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-05 17:14 . 2003-07-31 02:05 642,944 --------- C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-12-05 17:14 . 2003-07-31 19:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2007-12-05 17:14 . 2002-08-05 22:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2007-12-05 17:14 . 2001-10-02 22:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2007-12-05 17:14 . 2003-11-02 15:54 108,675 --------- C:\WINDOWS\system32\drivers\CnxTgN.sys
2007-12-05 17:14 . 2003-07-31 02:05 60,288 --------- C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-12-04 23:03 . 2007-12-04 23:03 <REP> d-------- C:\Program Files\EA GAMES
2007-12-04 22:31 . 2007-12-04 22:31 <REP> dr-h-c--- C:\MSOCache
2007-12-03 20:17 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-03 20:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-03 20:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-03 20:17 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-03 20:17 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-03 20:17 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-03 20:17 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-03 20:17 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-03 20:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-03 20:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-03 18:37 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage r‚seau
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage d'impression
2007-12-03 17:58 . 2007-12-02 10:42 <REP> d--h----- C:\Documents and Settings\Michel\ModŠles
2007-12-03 17:58 . 2007-12-13 17:49 <REP> dr------- C:\Documents and Settings\Michel\Mes documents
2007-12-03 17:58 . 2007-12-10 20:22 <REP> dr------- C:\Documents and Settings\Michel\Menu D‚marrer
2007-12-03 17:58 . 2007-12-13 21:20 <REP> dr------- C:\Documents and Settings\Michel\Favoris
2007-12-03 17:58 . 2008-01-02 18:40 <REP> d-------- C:\Documents and Settings\Michel\Bureau
2007-12-03 17:45 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-03 17:45 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-03 17:45 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 18:26 --------- d-----w C:\Program Files\Tearoetn
2007-12-27 16:30 --------- d-----w C:\Documents and Settings\Stephane\Application Data\LimeWire
2007-12-10 21:29 --------- d-----w C:\Program Files\QuickTime
2007-12-05 18:03 --------- d-----w C:\Documents and Settings\Monique\Application Data\LimeWire
2007-12-05 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-02 19:41 --------- d-----w C:\Documents and Settings\Monique\Application Data\Ahead
2007-12-02 19:31 --------- d-----w C:\Program Files\Ahead
2007-12-02 19:29 --------- d-----w C:\Program Files\Java
2007-12-01 14:14 --------- d-----w C:\Program Files\PowerArchiver
2007-12-01 13:45 --------- d-----w C:\Program Files\Vstep
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-02-25 21:04 19,864 ----a-w C:\Documents and Settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot_2008-01-03_23.04.44.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"CnxDslTaskBar"="C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 19:06 458752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 22:28 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-27 19:55 6731312]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23 2618240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 02:05]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 02:05]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 15:54]
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 23:15:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 23:18:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-03 22:18:23
ComboFix2.txt 2008-01-03 22:05:18
ComboFix3.txt 2008-01-02 17:41:20
.
2007-12-12 13:17:28 --- E O F ---
Tu as encore des soucis ? 
Répondre à Angeldark
Non je viens de controler, tout marche à la perfection..
T'es un vrai chef et je te remercie beaucoup pour ton aide!
Il me reste plus q'a mettre que mon problème est résolu mais je sais pas comment faire lol.. je vais chercher
Encore merci Angeldark!
Bonne continuation
- Télécharge ToolsCleaner sur ton Bureau.
- Clique sur Recherche et laisse le scan se terminer.
- Clique sur Suppression pour finaliser.
- Clique sur Quitter, pour que le rapport puisse se créer.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
Désactive puis réactive la restauration du système : Voir aide
Ajoute maintenant [Résolu] au titre. Pour cela :
* Clique, dans ton premier message, sur le bouton "Editer" 
* Rajoute la mention [Résolu] au titre
* Clique ensuite sur "Valider votre message"
Lis le dossier dossier sur la prévention et la protection pour ne plus avoir ce genre de problème en cliquant sur l'image ci-dessous :
Répondre à Angeldark
-->- Recherche:
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\fsbl.exe: trouvé !
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.exe: trouvé !
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.lnk: trouvé !
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\vundoFix.exe: trouvé !
C:\Documents and Settings\Stephane\Recent\HijackThis.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Logitech\iTouch\Drivers\Clean: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\fsbl.exe: supprimé !
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.exe: supprimé !
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\Navilog1.lnk: supprimé !
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\vundoFix.exe: supprimé !
C:\Documents and Settings\Stephane\Recent\HijackThis.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Logitech\iTouch\Drivers\Clean: supprimé !
Il y a 2642 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
