No more desktop or taskbar
 

Hello everyone!
As the topic title says, I have a problem with my computer (my cousin's, actually): the desktop has disappeared, there is only the background image, right-click does not work, and the desktop seems inactive...
I have already seen other posts of this kind that said to type c:\\windows\explorer.exe; I plan to do that as a test, but also to run a HijackThis analysis to see whether the computer is infected... I am going to my cousin's this afternoon, and around 2:30 I will post the error report and how things go with entering explorer.exe.
With that, see you later to those who might be able to help me.
Thanks a lot in advance.


Hello,

Download and then install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:17, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v1.42-delta.exe
c:\d28654a1ecfa5bc9300bfe\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\jeremy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REV] c:\documents and settings\jeremy\mes documents\jeux\conter\steamapps\fafgremy\counter-strike\Revolution_Script.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] C:\Documents and Settings\jeremy\Mes documents\jeux\Steam.exe -silent
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9656 bytes

Reply to blasil64

Apparently clean.

Uninstall Avast! properly and replace it with AntiVir.
Why change? Avast! vs AntiVir

Run a full scan, then post the report once the analysis is finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus

Reply to Angeldark

But how do I get to the Control Panel to uninstall Avast if I have no access to the desktop or the Start menu? I couldn't find a way. Otherwise, do I do nothing with HijackThis, nothing to check and fix?

Reply to blasil64

Did you look at my link for uninstalling?

Reply to Angeldark

OK, I have installed AntiVir and now I am running the scan; I will post the report afterwards!

Reply to blasil64

Here is the AntiVir report:





Avira AntiVir Personal
Report file date: vendredi 13 juin 2008 11:53

Scanning for 1329971 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 09:46:57
ANTIVIR3.VDF : 7.0.4.189 361984 Bytes 13/06/2008 09:47:03
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 13/06/2008 09:47:42
AESCN.DLL : 8.1.0.21 119156 Bytes 13/06/2008 09:47:40
AERDL.DLL : 8.1.0.20 418165 Bytes 13/06/2008 09:47:39
AEPACK.DLL : 8.1.1.5 364918 Bytes 13/06/2008 09:47:34
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 13/06/2008 09:47:27
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 13/06/2008 09:47:24
AEHELP.DLL : 8.1.0.15 115063 Bytes 13/06/2008 09:47:14
AEGEN.DLL : 8.1.0.28 307572 Bytes 13/06/2008 09:47:13
AEEMU.DLL : 8.1.0.6 430451 Bytes 13/06/2008 09:47:09
AECORE.DLL : 8.1.0.31 168310 Bytes 13/06/2008 09:47:06
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 13 juin 2008 11:53

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'pctspk.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\jeremy\bnfijaob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\hbtwallpaper.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\2\hbtwallpaper.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Local Settings\Temp\dllhost.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Mes documents\Nero Burning ROM 6.6.0.8\KeyGen\MultiKeyGen.exe
[DETECTION] Contains detection pattern of a probably damaged sample CC/00233
[NOTE] The file was deleted!
C:\Documents and Settings\mathieu\bnfijaob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\mathieu\Mes documents\youtube.com
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\utilisateur\bnfijaob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\SXAZW5UB\trace[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was deleted!
C:\Program Files\eMule\Incoming\Nero Burning Rom 6.6.0.8 Multilang Incl Keygen.rar
[0] Archive type: RAR
--> Nero Burning ROM 6.6.0.8\KeyGen\MultiKeyGen.exe
[DETECTION] Contains detection pattern of a probably damaged sample CC/00233
[NOTE] The file was deleted!
C:\Program Files\HbTools\HBTV\uninstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.2
[NOTE] The file was deleted!
C:\Program Files\Montorgueil\archives-stars-nues\archives-stars-nues.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302366
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0368514.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0369514.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0369526.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0369533.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP709\A0369558.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP709\A0369571.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP710\A0369586.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP710\A0369607.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP710\A0369620.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0369669.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0369673.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0370659.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0370665.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP712\A0370668.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP712\A0370683.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP713\A0370709.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP714\A0370724.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP714\A0370740.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP715\A0370767.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP715\A0370788.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP716\A0370792.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP716\A0370823.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP717\A0370838.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP717\A0370849.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371850.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371859.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371887.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP719\A0371920.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP719\A0372918.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP719\A0372925.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP720\A0372943.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP720\A0372959.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP721\A0372963.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP721\A0373001.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP722\A0373009.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP722\A0373025.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP722\A0373045.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP723\A0373076.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP723\A0373081.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP724\A0373099.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP724\A0373114.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP725\A0373132.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP726\A0373158.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP726\A0373172.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP727\A0373189.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP727\A0373197.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP728\A0373226.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP728\A0373240.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373258.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373291.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373294.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373306.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP730\A0373329.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP730\A0373334.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP730\A0374329.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380532.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380533.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380534.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380535.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380536.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380537.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380538.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302366
[NOTE] The file was deleted!
C:\WINDOWS\Downloaded Program Files\AUTO_598_N.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.557
[NOTE] The file was deleted!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AUTO_598_N.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.557
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd7533.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\NSIS_Install_WMP.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.bdo.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\MT\archives-stars-nues.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302366
[WARNING] 'Contains detection pattern of the dial-up program DIAL/302366'. This detection is probably an error. Please send us this file immediately for further analysis.


End of the scan: vendredi 13 juin 2008 13:23
Used time: 1:29:28 min

The scan has been done completely.

8608 Scanning directories
353649 Files were scanned
79 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
78 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
6 Files cannot be scanned
353570 Files not concerned
2622 Archives were scanned
7 Warnings
78 Notes

Reply to blasil64

Post a HijackThis report again.

Reply to Angeldark

HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:13, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\jeremy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REV] c:\documents and settings\jeremy\mes documents\jeux\conter\steamapps\fafgremy\counter-strike\Revolution_Script.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] C:\Documents and Settings\jeremy\Mes documents\jeux\Steam.exe -silent
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9396 bytes

Reply to blasil64

Hi again,

Download DelDomains.inf (by Mike Burgess) to your Desktop.
**If you use Firefox: right-click the link and choose "Save Link As..."**

  • Right-click the file, then choose "Install" from the context menu.
  • The script installs quickly and no confirmation is displayed on screen; this is normal.

Reply to Angeldark

Post a new HijackThis report.

Reply to Angeldark

New HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:33, on 14/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\jeremy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REV] c:\documents and settings\jeremy\mes documents\jeux\conter\steamapps\fafgremy\counter-strike\Revolution_Script.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] C:\Documents and Settings\jeremy\Mes documents\jeux\Steam.exe -silent
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9113 bytes

Reply to blasil64
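To see what a fix actually changed between two HijackThis reports, such as the 13/06 and 14/06 reports above, the entry lines can be compared mechanically. The Python script below is an added example, not part of the original thread or of HijackThis; the function names are hypothetical, and the two sample logs are abridged excerpts of the reports above.

```python
import re
from collections import defaultdict

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ", e.g. "O15 - Trusted Zone: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Abridged excerpt of the 13/06/2008 report posted in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:13, on 13/06/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

--
End of file - 9396 bytes
"""

# Abridged excerpt of the 14/06/2008 report (after DelDomains.inf was installed).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:33, on 14/06/2008

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

--
End of file - 9113 bytes
"""


def parse_log(text):
    """Split a HijackThis log into (running processes, set of (code, body) entries)."""
    processes, entries = [], set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                 # a blank line closes the process block
                in_processes = False
            else:
                processes.append(line)
            continue
        m = ENTRY_RE.match(line)         # header and footer lines never match
        if m:
            entries.add((m.group(1), m.group(2)))
    return processes, entries


def group(entries):
    """Group (code, body) tuples by section code, bodies sorted."""
    by_code = defaultdict(list)
    for code, body in sorted(entries):
        by_code[code].append(body)
    return dict(by_code)


def diff_logs(before_text, after_text):
    """Report entries and processes that differ between two logs."""
    procs_b, ents_b = parse_log(before_text)
    procs_a, ents_a = parse_log(after_text)
    # Windows paths are case-insensitive (System32 vs system32 in the logs).
    before_lower = {p.lower() for p in procs_b}
    after_lower = {p.lower() for p in procs_a}
    return {
        "removed": group(ents_b - ents_a),
        "added": group(ents_a - ents_b),
        "processes_gone": [p for p in procs_b if p.lower() not in after_lower],
        "processes_new": [p for p in procs_a if p.lower() not in before_lower],
    }


def orphaned(text):
    """Entries marked '(no file)': the registry value remains but no file is listed for it."""
    _, entries = parse_log(text)
    return sorted(e for e in entries if e[1].endswith("(no file)"))


if __name__ == "__main__":
    for key, value in diff_logs(BEFORE, AFTER).items():
        print(key, value)
    print("orphaned", orphaned(AFTER))
```

On these excerpts the only entries that disappear are the O15 Trusted Zone lines, while the "(no file)" BHO entry is still present in the later log.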

Well, the icons and the taskbar still haven't come back; I can't do anything on the desktop...
Thanks again for your help.

Reply to blasil64

Task Manager > New Task > explorer

Reply to Angeldark

Well, sorry, but that doesn't work: I enter explorer, and explorer.exe doesn't work...

Reply to blasil64

Do you have the Windows CD?

Download SmitFraudFix (by S!Ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe may not be shown).
Choose Option 1 (Search).
Post the first report here.

**If the link doesn't work, click here**

Reply to Angeldark

SmitFraudFix report:



SmitFraudFix v2.324

Rapport fait à 18:10:45,29, 14/06/2008
Executé à partir de C:\Documents and Settings\jeremy\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\jeremy\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeremy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeremy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jeremy\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900-Based PCI Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Reply to blasil64

And no, I don't have a Windows CD...

Reply to blasil64

Run option 2 in safe mode to see.

Reply to Angeldark

The scan couldn't finish because it told me that the explorer.exe file could not be found and that I needed to search for this file. The problem is how do I do the search if I can't access the Start menu...

Here is the report anyway:



SmitFraudFix v2.324

Rapport fait à 15:06:30,03, 15/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Reply to blasil64

Do you have the explorer.exe file in your System32?

Reply to Angeldark

No, that's just it, I don't have it at all. (It is just in the hard drive (there is only one)/windows, right? Because I looked on my own computer and it is in windows and not in windows/system32, so there you go, it isn't there...)

Reply to blasil64

Do you have another PC on hand?

Reply to Angeldark

Yes, I have two other PCs, but with Vista and not XP; I don't know whether that changes anything or not.

Reply to blasil64

You can always try copying the explorer file to put it on the PC.

Reply to Angeldark

Hi again. Sorry about yesterday, I wasn't home.

So I copied and pasted explorer.exe into c://windows/ on the PC where the desktop doesn't appear, and when I try to run it, it tells me that it is not a valid win32 application. I tried running the scan with SmitFraudFix (option 2) again, but same thing, it doesn't finish and it tells me that explorer.exe is not a valid application...

Here is the SmitFraudFix report (option 2) anyway:




SmitFraudFix v2.324

Rapport fait à 10:11:19,46, 17/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS1\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS2\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CS3\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Reply to blasil64

This is not an infection problem; you should look in the OS section.

Reply to Angeldark

OK, I'll repost the message in that section.
Thanks again for your help.

Reply to blasil64