Unable to use Google!!! Help [Solved] - Security - Viruses
 
Profile: IDNaute

Hello,

Here is my problem: I can no longer use Google or even Yahoo, because every time I run a search I am redirected to other crappy sites.

But most often it says search-daily, or something like Bankregister.

Basically nothing but useless stuff, and I can't search any more.

I have posted the HijackThis report for you:
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:26:31, on 02.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\HiJackThis_v2.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nssB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 212.247.152.6 193.12.150.6
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
 
--
End of file - 7615 bytes
 
Thanks for your help.


Message edited by menoud on 05-01-2008 at 13:52:31

Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.


Message edited by Angeldark on 02-01-2008 at 18:28:37

---------------
Prevention & Protection|Free software|The man from FLCCF
Profile: IDNaute

Here is the report, it's pretty long! You have to be an expert to understand any of it, lol!

But thanks a lot, that's really kind.
 
ComboFix 08-01-02.1 - Stephane 2008-01-02 18:36:45.1 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.577 [GMT 1:00]
Running from: C:\Documents and Settings\Stephane\Bureau\ComboFix.exe
 * Created a new restore point
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Documents and Settings\Michel\Bureau\movieland terms.lnk
C:\Documents and Settings\Michel\Bureau\movieland.url
C:\Program Files\knoxgfmh
C:\Program Files\knoxgfmh\khqvozyn.dll
C:\Program Files\mediapipe
C:\Program Files\mediapipe\Agent.dll
C:\Program Files\mediapipe\api.exe
C:\Program Files\mediapipe\install.log
C:\Program Files\mediapipe\MediaPipe.ini
C:\Program Files\mediapipe\p2pinst.exe
C:\Program Files\mediapipe\p2pl.exe
C:\WINDOWS\system32\nssB.dll
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-12-02 to 2008-01-02  ))))))))))))))))))))))))))))))))))))
.
 
2008-01-02 18:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 18:02 . 2007-12-31 18:02 <REP> d-------- C:\Program Files\AxBx
2007-12-27 20:05 . 2007-12-27 20:05 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-27 19:55 . 2007-12-27 19:57 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-12-27 19:54 . 2006-09-05 17:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-27 19:47 . 2007-12-27 19:47 <REP> d----c--- C:\VundoFix Backups
2007-12-27 18:03 .  19,456  C:\WINDOWS\system32\drivers\pzikyexx.dat
2007-12-27 18:01 . 2007-12-27 18:01 <REP> d-------- C:\Program Files\Dcads Games Collection
2007-12-27 18:01 . 2003-04-24 13:00 84,992 --a------ C:\WINDOWS\system32\avmete.dll
2007-12-27 18:01 . 2007-12-27 21:11 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-12-27 18:01 . 2007-12-27 18:10 77,379 --a------ C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2007-12-27 18:01 . 2007-12-27 18:10 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-27 14:58 . 2007-12-27 15:00 16,826 --ah----- C:\WINDOWS\system32\brdiag.GID
2007-12-27 14:53 . 2007-12-27 14:54 <REP> d-------- C:\Program Files\Brother
2007-12-27 14:29 . 2007-12-27 14:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-27 14:29 . 2007-12-27 14:29 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-24 14:07 . 2007-12-24 14:07 319,488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-17 12:51 . 2000-09-14 01:00 77,824 --a------ C:\WINDOWS\system32\BROSNMP.DLL
2007-12-17 12:51 . 2002-09-19 00:00 73,728 --a------ C:\WINDOWS\system32\brrbtool.exe
2007-12-17 12:51 . 2007-12-27 14:55 13,109 --a------ C:\WINDOWS\HL-1430.INI
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-11 20:41 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a------ C:\WINDOWS\system32\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 154,112 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-12-11 20:25 . 2004-08-19 16:09 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2007-12-10 22:27 . 2007-12-10 22:27 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2007-12-05 17:32 . 2007-12-05 17:32 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2007-12-05 17:26 . 2007-12-27 14:55 <REP> d-------- C:\Program Files\Brownie
2007-12-05 17:25 . 2007-12-05 17:25 <REP> d-------- C:\Documents and Settings\Stephane\WINDOWS
2007-12-05 17:25 . 1998-01-23 12:20 305,664 --a------ C:\WINDOWS\IsUn040c.exe
2007-12-05 17:14 . 2003-07-31 02:05 642,944 --------- C:\WINDOWS\system32\drivers\CnxEtU.sys
2007-12-05 17:14 . 2003-07-31 19:01 159,744 --a------ C:\WINDOWS\system32\CnxHwIo.dll
2007-12-05 17:14 . 2002-08-05 22:59 118,784 --a------ C:\WINDOWS\system32\CnxMfdCo.dll
2007-12-05 17:14 . 2001-10-02 22:08 118,784 --a------ C:\WINDOWS\system32\CnxClsCo.dll
2007-12-05 17:14 . 2003-11-02 15:54 108,675 --------- C:\WINDOWS\system32\drivers\CnxTgN.sys
2007-12-05 17:14 . 2003-07-31 02:05 60,288 --------- C:\WINDOWS\system32\drivers\CnxEtP.sys
2007-12-04 23:03 . 2007-12-04 23:03 <REP> d-------- C:\Program Files\EA GAMES
2007-12-04 22:31 . 2007-12-04 22:31 <REP> dr-h-c--- C:\MSOCache
2007-12-03 20:17 . 2007-10-11 00:49 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-03 20:17 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-03 20:17 . 2007-03-08 06:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-03 20:17 . 2007-10-11 00:49 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-03 20:17 . 2007-10-11 00:49 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-03 20:17 . 2007-10-11 00:49 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-03 20:17 . 2007-10-11 00:49 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-03 20:17 . 2007-10-11 00:49 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-03 20:17 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-03 20:17 . 2007-10-10 11:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-03 18:37 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage réseau
2007-12-03 17:58 . 2007-12-02 10:34 <REP> d--h----- C:\Documents and Settings\Michel\Voisinage d'impression
2007-12-03 17:58 . 2007-12-02 10:42 <REP> d--h----- C:\Documents and Settings\Michel\Modèles
2007-12-03 17:58 . 2007-12-13 17:49 <REP> dr------- C:\Documents and Settings\Michel\Mes documents
2007-12-03 17:58 . 2007-12-10 20:22 <REP> dr------- C:\Documents and Settings\Michel\Menu Démarrer
2007-12-03 17:58 . 2007-12-13 21:20 <REP> dr------- C:\Documents and Settings\Michel\Favoris
2007-12-03 17:58 . 2008-01-02 18:40 <REP> d-------- C:\Documents and Settings\Michel\Bureau
2007-12-03 17:45 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2007-12-03 17:45 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2007-12-03 17:45 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2007-12-02 23:36 . 2007-12-02 23:36 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Menu Démarrer
2007-12-02 21:49 . 2004-08-20 00:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-02 21:47 . 2004-08-19 16:09 452,096 --a------ C:\WINDOWS\system32\fxsapi.dll
2007-12-02 21:47 . 2004-08-19 16:09 452,096 --a--c--- C:\WINDOWS\system32\dllcache\fxsapi.dll
2007-12-02 21:47 . 2004-08-19 16:09 143,360 --a------ C:\WINDOWS\system32\fxsclnt.exe
2007-12-02 21:47 . 2004-08-19 16:09 143,360 --a--c--- C:\WINDOWS\system32\dllcache\fxsclnt.exe
2007-12-02 21:47 . 2004-08-19 16:09 72,192 --a------ C:\WINDOWS\system32\fxscom.dll
2007-12-02 21:47 . 2004-08-19 16:09 72,192 --a--c--- C:\WINDOWS\system32\dllcache\fxscom.dll
2007-12-02 21:43 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002090_.tmp
2007-12-02 21:37 . 2006-05-05 10:41 453,120 -----c--- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-12-02 21:37 . 2006-05-05 10:47 174,592 -----c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2007-12-02 21:36 . 2006-08-14 11:34 332,928 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2007-12-02 21:34 . 2003-06-16 10:05 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2007-12-02 21:33 . 2006-05-19 14:23 112,128 -----c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2007-12-02 21:33 . 2006-05-19 14:23 95,744 -----c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2007-12-02 21:32 . 2006-08-25 16:51 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
2007-12-02 21:31 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-12-02 21:02 . 2006-02-08 09:44 1,114,674 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.cpa
2007-12-02 21:02 . 2006-06-07 10:07 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2007-12-02 21:02 . 2006-06-01 06:28 129,112 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2007-12-02 21:02 . 2005-10-14 03:10 58,560 -ra------ C:\WINDOWS\system32\drivers\ativckxx.vp
2007-12-02 21:02 . 2006-06-07 10:28 29,008 -ra------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-12-02 21:02 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-02 21:02 . 2006-05-31 14:34 6,126 -ra------ C:\WINDOWS\system32\atifglpf.xml
2007-12-02 21:02 . 2006-02-08 09:44 929 -ra------ C:\WINDOWS\system32\drivers\ativcaxx.vp
2007-12-02 20:57 . 2007-12-02 20:57 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-02 20:53 . 2007-12-31 15:48 49 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-02 20:51 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-12-02 20:51 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-12-02 20:51 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2007-12-02 20:51 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-12-02 20:51 . 2004-08-03 14:00 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-12-02 20:51 . 2004-08-03 13:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-12-02 20:51 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-12-02 20:41 . 2007-12-02 20:41 <REP> d-------- C:\Documents and Settings\Monique\Application Data\Ahead
2007-12-02 20:35 . 2007-12-02 20:35 <REP> d-------- C:\Documents and Settings\Monique\Incomplete
2007-12-02 20:35 . 2007-12-05 19:03 <REP> d-------- C:\Documents and Settings\Monique\Application Data\LimeWire
2007-12-02 20:33 . 2007-12-02 20:33 <REP> d-------- C:\Documents and Settings\Stephane\Incomplete
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 18:26 --------- d-----w C:\Program Files\Tearoetn
2007-12-10 21:29 --------- d-----w C:\Program Files\QuickTime
2007-12-05 16:26 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 19:31 --------- d-----w C:\Program Files\Ahead
2007-12-02 19:29 --------- d-----w C:\Program Files\Java
2007-12-01 14:14 --------- d-----w C:\Program Files\PowerArchiver
2007-12-01 13:45 --------- d-----w C:\Program Files\Vstep
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-02-25 21:04 19,864 ----a-w C:\Documents and Settings\Stephane\Application Data\GDIPFONTCACHEV1.DAT
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-24 14:07 319488 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2152777C-6D86-491D-A4F8-31B62DC3A483}]
2003-04-24 13:00 84992 --a------ C:\WINDOWS\system32\avmete.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"CnxDslTaskBar"="C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" [2003-07-31 19:06 458752]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-10 22:28 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-12-27 19:55 6731312]
"VirusKeeper"="C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe" [2007-10-24 21:23 2618240]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
 
R0 wkhzyzbh;wkhzyzbh;C:\WINDOWS\system32\drivers\pzikyexx.dat []
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2003-07-31 02:05]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2003-07-31 02:05]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2003-11-02 15:54]
S3 rtl8029;Pilote NT de carte Realtek PCI Ethernet à base RTL8029(AS);C:\WINDOWS\system32\DRIVERS\RTL8029.SYS [2001-08-17 20:12]
 
*Newly Created Service* - PROCEXP90  
.
**************************************************************************
 
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 18:40:29
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2008-01-02 18:41:19
ComboFix-quarantined-files.txt  2008-01-02 17:40:57
.
2007-12-12 13:17:28 --- E O F ---  

Profile: Helper

Hi again,

Properly uninstall Avast! and replace it with AntiVir.
Why switch? Avast! vs AntiVir

Run a full scan, then post the report once the analysis finishes.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus


Profile: IDNaute

Hi again,

So here is my AntiVir report:
 
AntiVir PersonalEdition Classic
Report file date: jeudi 3 janvier 2008  15:39
 
Scanning for 999937 virus strains and unwanted programs.
 
Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    MENOUD
 
Version information:
BUILD.DAT    : 270           15603 Bytes  19.09.2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23.08.2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16.08.2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14.08.2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21.08.2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18.07.2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  14.12.2007 14:37:26
ANTIVIR2.VDF : 7.0.1.170    311296 Bytes  28.12.2007 14:37:26
ANTIVIR3.VDF : 7.0.1.190     81920 Bytes  03.01.2008 14:37:26
AVEWIN32.DLL : 7.6.0.46    3084800 Bytes  03.01.2008 14:37:27
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26.02.2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18.07.2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16.04.2007 13:16:24
AVPACK32.DLL : 7.6.0.2      360488 Bytes  03.01.2008 14:37:27
AVREG.DLL    : 7.0.1.6       30760 Bytes  18.07.2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28.08.2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18.07.2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08.03.2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07.08.2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21.08.2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23.07.2007 09:37:21
 
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,  
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
 
Start of the scan: jeudi 3 janvier 2008  15:39
 
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'VirusKeeper.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'BRSS01A.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BRSVC01A.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
 
Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'D:\'
      [NOTE]      No virus was found!
 
Starting to scan the registry.
The registry was scanned ( '19' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\'
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Documents and Settings\Stephane\Application Data\Sun\Java\Deployment\cache\6.0\32\50c2ce60-3e23df66
  [0] Archive type: ZIP
  --> BnnnnBaa.class
      [DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
  --> VaannnaaBaa.class
      [DETECTION] Is the Trojan horse TR/ClassLoader
      [INFO]      The file was moved to '47dff62a.qua'!
C:\Documents and Settings\Stephane\Mes documents\Incomplete\T-158449152-fifa 2005 full game.zip
  [0] Archive type: ZIP SFX (self extracting)
    --> fifa.ace
      [1] Archive type: ACE
      --> data\feart\campaign\campaign.abg
          [WARNING]   Error creating the file
      --> data\feart\common\common.abg
          [WARNING]   No further files can be extracted from this archive. The archive will be closed
        [WARNING]   No further files can be extracted from this archive. The archive will be closed
C:\QooBox\Quarantine\C\Program Files\knoxgfmh\khqvozyn.dll.vir
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was moved to '47ee04bc.qua'!
C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP57\A0011947.dll
      [DETECTION] Is the Trojan horse TR/Spy.Agent.208896
      [INFO]      The file was moved to '47ad04a9.qua'!
C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP58\A0011969.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO]      The file was moved to '47ad04ac.qua'!
C:\System Volume Information\_restore{D43BB40E-854D-47E9-81C4-BBB9248FBC9D}\RP64\A0012190.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [INFO]      The file was moved to '47ad04da.qua'!
C:\WINDOWS\system32\avmete.dll
      [DETECTION] Is the Trojan horse TR/BHO.agz.33
      [WARNING]   An error has occurred and the file was not deleted. ErrorID: 16003
      [WARNING]   The file could not be deleted!
Begin scan in 'D:\'
 
 
End of the scan: jeudi 3 janvier 2008  17:08
Used time:  1:29:02 min
 
The scan has been done completely.
 
   6000 Scanning directories
 432682 Files were scanned
      6 viruses and/or unwanted programs were found
      1 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      5 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 432676 Files not concerned
   1919 Archives were scanned
      5 Warnings
      8 Notes
 

Profile: Helper

Post a HijackThis report again.


Profile: IDNaute

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:28:56, on 03.01.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephane\Mes documents\Programme\fichier entretien ordinateur\HiJackThis_v2.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.f1-live.com/f1/fr/index.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MMSystem] c:\windows\rundll32.exe "c:\windows\system32\mmsystem.dll"", RunDll32 (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ucqimxgwza] c:\windows\system32\ucqimxgwza.exe ucqimxgwza (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ibsagypmf] c:\windows\system32\ibsagypmf.exe ibsagypmf (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [zypxuiqa] c:\windows\system32\zypxuiqa.exe zypxuiqa (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [ntslce] c:\windows\system32\ntslce.exe ntslce (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [yxdelcfatm] c:\windows\system32\yxdelcfatm.exe yxdelcfatm (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\Run: [djzbmhrqf] c:\windows\system32\djzbmhrqf.exe djzbmhrqf (User 'Michel')
O4 - HKUS\S-1-5-21-583907252-1454471165-839522115-1005\..\RunServices: [virtual-machine] wini.exe (User 'Michel')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6194719E-CD43-4048-955E-EF1D2360D6FB}: NameServer = 193.12.150.6 212.247.152.6
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
 
--
End of file - 8999 bytes
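
An added triage sketch, not part of the original posts: it cross-references HijackThis entries with the antivirus report posted earlier in this thread and lists entries whose target file is marked as missing. The function names are hypothetical and the sample input is assembled from lines of the two reports; a missing file alone is a lead to check, not a verdict.

```python
import re

# Constructed sample input: a few lines taken from the two reports in this thread.
HJT_LOG = r"""
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: (no name) - {2152777C-6D86-491D-A4F8-31B62DC3A483} - C:\WINDOWS\system32\avmete.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""
AV_LOG = r"""
C:\WINDOWS\system32\avmete.dll
      [DETECTION] Is the Trojan horse TR/BHO.agz.33
      [WARNING]   The file could not be deleted!
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body
PATH = re.compile(r"(?:[A-Za-z]:|%\w+%)\\[^\"]*?\.(?:dll|exe)", re.I)

def parse_hjt(text):
    """Return one dict per HijackThis entry: section code, file path, missing flag."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            p = PATH.search(m.group(2))
            entries.append({"code": m.group(1), "raw": line,
                            "path": p.group(0).lower() if p else None,
                            "missing": line.endswith("(file missing)")})
    return entries

def parse_av(text):
    """Map lower-cased file path -> last word of its [DETECTION] line."""
    found, current = {}, None
    for line in text.splitlines():
        if re.match(r"^[A-Za-z]:\\", line):      # unindented line = scanned file
            current = line.strip().lower()
        m = re.search(r"\[DETECTION\]\s+(.+)", line)
        if m and current:
            found[current] = m.group(1).split()[-1]
    return found

def triage(hjt_text, av_text):
    """Return (entry, reason) pairs in log order for entries worth a second look."""
    detections, out = parse_av(av_text), []
    for e in parse_hjt(hjt_text):
        if e["path"] in detections:
            out.append((e["raw"], "antivirus detection " + detections[e["path"]]))
        elif e["missing"]:
            out.append((e["raw"], "registry entry points to a missing file"))
    return out
```
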

Profile: Helper

Hi again,
 
Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation has finished, the tool will run automatically.
(If it does not, double-click the shortcut on the Desktop.)
 
Let the tool guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as prompted. Notepad will open. Post its contents to us as follows:
 
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply

 
NOTE: The report can also be found here: C:\fixnavi.txt


Profile: IDNaute

Here is the report!
 
Search Navipromo version 3.3.8 commencé le 03.01.2008 à 20:54:47.82
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
 
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO
 
 
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13  
Système de fichiers : NTFS
 
Executé en mode normal
 
*** Recherche Programmes installés ***
 
 
 
 
*** Recherche dossiers dans C:\WINDOWS ***
 
 
 
*** Recherche dossiers dans C:\Program Files ***
 
 
 
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***
 
 
 
 
*** Recherche dossiers dans "C:\Documents and Settings\Stephane\application data" ***  
 
 
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 ***
 
 
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
 
Aucun Fichier trouvé
 
 
 
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
 
* Recherche dans C:\WINDOWS\system32 *
 
* Recherche dans "C:\Documents and Settings\Stephane\local settings\application data" *  
 
 
 
*** Recherche fichiers ***  
 
 
 
 
*** Recherche clés spécifiques dans le Registre ***
 
 
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
 
1)Recherche nouveaux fichiers Instant Access :
 
 
2)Recherche Heuristique :
 
* Dans C:\WINDOWS\system32 :
 
 
* Dans "C:\Documents and Settings\Stephane\local settings\application data" :  
 
 
3)Recherche Certificats :
 
Certificat Egroup absent !
 
4)Recherche fichiers connus :
 
 
 
*** Analyse terminée le 03.01.2008 à 21:04:31.46 ***

Profile: Helper
n°269656
03-01-2008 at 21:10:58