Everything posted by Fracoutu

  1. Well, well... something new: AntiVir is once again reporting the presence of TR/Crypt.XPACK.Gen... It had in fact already reported it at the end of the first scan, while SDFix was "reloading" the desktop... and I hadn't followed up, thinking it was better not to step in while SDFix was working and that it was doing its job... After doing all that, for TR/Crypt.XPACK.Gen... to still be there... am I missing something...?
  2. Thanks, it's getting better! So here is the DSS report, below... but it wasn't an oversight: I did not carry out step 3... because I had not been able to carry out step 2: the F2-REG... etc. line could not be found in the HijackThis report, and since I am dumb and disciplined (which is just as well for me given how little I know about this...) and I do things in the order I am asked to do them, I didn't go any further. In any case, thanks again!...

     Deckard's System Scanner v20071014.68
     Extra logfile - please post this as an attachment with your post.
     --------------------------------------------------------------------------------

     -- System Information ----------------------------------------------------------

     Microsoft Windows XP Professionnel (build 2600) SP 2.0
     Architecture: X86; Language: French

     CPU 0: AMD Athlon XP 2800+
     Percentage of Memory in Use: 50%
     Physical Memory (total/avail): 511.53 MiB / 253.53 MiB
     Pagefile Memory (total/avail): 1249.5 MiB / 974.88 MiB
     Virtual Memory (total/avail): 2047.88 MiB / 1923.92 MiB

     A: is Removable (No Media)
     D: is Removable (No Media)
     E: is Removable (No Media)
     F: is Removable (No Media)
     H: is CDROM (No Media)
     I: is Fixed (NTFS) - 58.59 GiB total, 14.72 GiB free.
     J: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
     K: is Removable (No Media)

     \\.\PHYSICALDRIVE0 - MAXTOR STM3160212A - 149.05 GiB - 2 partitions
     \PARTITION0 (bootable) - Système de fichiers installable - 58.59 GiB - I:
     \PARTITION1 - Étendu avec Inter. 13 étendue - 90.45 GiB - J:

     \\.\PHYSICALDRIVE1 - Generic STORAGE DEVICE USB Device
     \\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device
     \\.\PHYSICALDRIVE3 - Generic STORAGE DEVICE USB Device
     \\.\PHYSICALDRIVE4 - Generic STORAGE DEVICE USB Device

     -- Security Center -------------------------------------------------------------

     AUOptions is scheduled to auto-install.
     Windows Internal Firewall is enabled.

     FirstRunDisabled is set.

     AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH)

     [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "I:\\Program Files\\MSN Messenger\\msnmsgr.exe"="I:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
     "I:\\Program Files\\MSN Messenger\\livecall.exe"="I:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

     [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "I:\\Program Files\\MSN Messenger\\msnmsgr.exe"="I:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
     "I:\\Program Files\\MSN Messenger\\livecall.exe"="I:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
     "I:\\Program Files\\iTunes\\iTunes.exe"="I:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
     ""=""
     "I:\\WINDOWS\\system32\\dpvsetup.exe"="I:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
     "I:\\WINDOWS\\system32\\rundll32.exe"="I:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
     "I:\\Program Files\\Skype\\Phone\\Skype.exe"="I:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

     -- Environment Variables -------------------------------------------------------

     ALLUSERSPROFILE=I:\Documents and Settings\All Users
     APPDATA=I:\Documents and Settings\Administrateur\Application Data
     CLASSPATH=.;I:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
     CLIENTNAME=Console
     CommonProgramFiles=I:\Program Files\Fichiers communs
     COMPUTERNAME=CRYSTALIZ
     ComSpec=I:\WINDOWS\system32\cmd.exe
     FP_NO_HOST_CHECK=NO
     HOMEDRIVE=I:
     HOMEPATH=\Documents and Settings\Administrateur
     LOGONSERVER=\\CRYSTALIZ
     NUMBER_OF_PROCESSORS=1
     OS=Windows_NT
     Path=I:\WINDOWS\system32;I:\WINDOWS;I:\WINDOWS\System32\Wbem;I:\Program Files\QuickTime\QTSystem\
     PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
     PROCESSOR_ARCHITECTURE=x86
     PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
     PROCESSOR_LEVEL=6
     PROCESSOR_REVISION=0a00
     ProgramFiles=I:\Program Files
     PROMPT=$P$G
     QTJAVA=I:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
     SESSIONNAME=Console
     SystemDrive=I:
     SystemRoot=I:\WINDOWS
     TEMP=I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
     TMP=I:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
     USERDOMAIN=CRYSTALIZ
     USERNAME=Administrateur
     USERPROFILE=I:\Documents and Settings\Administrateur
     windir=I:\WINDOWS

     -- User Profiles ---------------------------------------------------------------

     Administrateur (admin)

     -- Add/Remove Programs ---------------------------------------------------------

      --> I:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
      --> I:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
     01-mp3search 4.0 --> I:\PROGRA~1\01-MP3~1\Setup.exe /remove
     7-Zip 4.58 alpha 4 --> "I:\Program Files\7-Zip\Uninstall.exe"
     Ad-Aware SE Personal --> I:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE I:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
     Adobe Flash Player 9 ActiveX --> I:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
     Adobe Flash Player Plugin --> I:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
     Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
     Adobe Shockwave Player --> I:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE I:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
     Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
     Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
     Audacity 1.2.6 --> "I:\Program Files\Audacity\unins000.exe"
     Aureon 5.1 --> I:\WINDOWS\system32\Cmeaupci.exe /rm /ppci8768
     Aureon 5.1 Fun ControlPanel --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{17A87ED9-129A-4516-A3BF-5E513D23C3BB}\setup.exe" -l0x9
     Avira AntiVir Personal – Free Antivirus --> I:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
     AVS Audio Tools version 4.4 --> "I:\Program Files\AVSMedia\AudioTools\unins000.exe"
     AVS Cover Editor 1.3.1.79 (AVSMedia) --> "I:\Program Files\AVSMedia\CoverEditor\unins000.exe"
     AVS DVD Copy version 1.4 --> "I:\Program Files\AVSMedia\DVDCopy\unins000.exe"
     Barre d'outils MSN --> I:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c
     Bibliothèques GTK+ 2.10.13 rev a (supprimer uniquement) --> I:\Program Files\Fichiers communs\GTK\2.0\uninst.exe
     Burn4Free CD and DVD --> "I:\Program Files\Burn4Free\uninstall.exe"
     Burn4Free Toolbar --> "I:\WINDOWS\Burn4Free_Toolbar_Uninstaller_8453.exe" _?=I:\Program Files\Burn4Free Toolbar
     Canon MP Drivers 7.0 --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}\Setup.exe" -l0x40c -Uninstall
     Canon MP Navigator 1.1 --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{8653730A-683D-4C42-BB18-6471291D5DEA}\setup.exe" /SUUninstall
     Canon ScanGear Starter --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x40c anything
     Canon Utilities Easy-PhotoPrint --> I:\Program Files\Canon\Easy-PhotoPrint\uninst.exe I:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
     Compositeur Studio 2 --> MsiExec.exe /I{C51465EE-011E-4673-A668-48EABD39D431}
     DeepBurner Pro v1.8.0.225 --> "I:\Program Files\Astonsoft\DeepBurner Pro\Uninstall.exe" "I:\Program Files\Astonsoft\DeepBurner Pro\install.log"
     DivX Codec --> I:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
     DivX Converter --> I:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
     DivX Player --> I:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
     DivX Web Player --> I:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
     Easy-WebPrint --> I:\WINDOWS\IsUn040c.exe -f"I:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
     Firebird SQL Server - MAGIX Edition 2.0.0.1 (F) --> I:\Program Files\MAGIX\Common\Database\uninstall.exe
     Free Mp3 Wma Converter V 1.6.3 --> "I:\Program Files\Free Audio Pack\unins000.exe"
     Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
     Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
     Google Toolbar for Internet Explorer --> regsvr32 /u /s "i:\program files\google\googletoolbar1.dll"
     HijackThis 2.0.2 --> "I:\Documents and Settings\Administrateur\Bureau\HijackThis.exe" /uninstall
     ImageMixer VCD2 --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x40c UNINSTALL
     iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
     Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
     Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
     Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
     Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
     Logiciel QuickCam de Logitech --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
     Logitech Print Service --> I:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE I:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
     Micro Application - Compositeur --> I:\WINDOWS\unin040c.exe -fi:\DeIsL4.isu -ci:\_ISREG32.DLL
     Microsoft Compression Client Pack 1.0 for Windows XP --> "I:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
     Microsoft Office 2000 CD-ROM 2 --> MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
     Microsoft Office 2000 Small Business --> MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
     Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
     Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9}
     Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "I:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
     Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
     Mozilla Firefox (2.0.0.14) --> I:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
     My Pictures And Sounds 7.15 --> I:\Program Files\SAGEM\My Pictures And Sounds\Uninstall.exe
     neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
     NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 I:\WINDOWS\INF\nvstereo.inf
     Oxemis CD Ripper --> MsiExec.exe /X{E3C38444-BDAC-40E2-9C48-F946B8D8E2AE}
     Pack Haut-Débit Téléphonie Club-internet --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{5F494400-933C-4B57-AE55-05C929D15546}\setup.exe" -l0x40c -eth -pri
     Picture Package --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x40c UNINSTALL
     Pidgin --> I:\Program Files\Pidgin\pidgin-uninst.exe
     PowerDVD --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
     Programme de gestion Camera de Logitech® --> "I:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
     QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
     RealPlayer --> I:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
     Rio Internet Update --> MsiExec.exe /X{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}
     Rio Music Manager --> MsiExec.exe /X{282EF7E3-AE54-48AE-A11D-27F512F23AB3}
     SAGEM Full USB v3.4.5.0 --> "I:\Program Files\SAGEM\FullUSB\Drivers\uninstall.exe" /ID=FullUSB_x86
     Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
     Sony USB Driver --> RunDll32 I:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "I:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL
     SPAMfighter --> "I:\Program Files\SPAMfighter\uninstall.exe" Remove
     Steinberg Cubase SX 1.01 --> I:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE I:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
     VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
     VirginMega DownloadManager --> "I:\Program Files\VirginMega\DownloadManager\Uninstall.exe" "I:\Program Files\VirginMega\DownloadManager\install.log"
     VSO CopyToDVD 4 --> "I:\Program Files\VSO\unins000.exe"
     Windows Media Format 11 runtime --> "I:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
     winLAME prerelease4 --> MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00}
     WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
     WinZip Self-Extractor --> "I:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall

     -- Application Event Log -------------------------------------------------------

     Event Record #/Type549 / Warning
     Event Submitted/Written: 06/07/2008 01:23:22 PM
     Event ID/Source: 4113 / Avira AntiVir
     Event Description: TR/Crypt.XPACK.GenI:\SDFix\backups\oenmlbo.exe

     Event Record #/Type548 / Warning
     Event Submitted/Written: 06/07/2008 01:22:59 PM
     Event ID/Source: 4113 / Avira AntiVir
     Event Description: TR/Crypt.XPACK.GenI:\SDFix\backups\oenmlbo.exe

     Event Record #/Type540 / Warning
     Event Submitted/Written: 06/07/2008 01:01:59 PM
     Event ID/Source: 4113 / Avira AntiVir
     Event Description: TR/Crypt.XPACK.GenI:\WINDOWS\system32\oenmlbo.exe

     Event Record #/Type536 / Warning
     Event Submitted/Written: 06/06/2008 11:57:03 PM
     Event ID/Source: 4113 / Avira AntiVir
     Event Description: TR/Crypt.XPACK.GenI:\WINDOWS\system32\oenmlbo.exe

     Event Record #/Type531 / Warning
     Event Submitted/Written: 06/06/2008 06:20:30 PM
     Event ID/Source: 4113 / Avira AntiVir
     Event Description: TR/Crypt.XPACK.GenI:\WINDOWS\system32\oenmlbo.exe

     -- Security Event Log ----------------------------------------------------------

     No Errors/Warnings found.

     -- System Event Log ------------------------------------------------------------

     Event Record #/Type38210 / Warning
     Event Submitted/Written: 06/07/2008 08:55:21 PM
     Event ID/Source: 1003 / Dhcp
     Event Description: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0011D807E548. Il s'est produit l'erreur suivante : %%121. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).

     Event Record #/Type38176 / Warning
     Event Submitted/Written: 06/07/2008 02:37:41 PM
     Event ID/Source: 1003 / Dhcp
     Event Description: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0011D807E548. Il s'est produit l'erreur suivante : %%121. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).

     Event Record #/Type38146 / Warning
     Event Submitted/Written: 06/07/2008 01:20:57 PM
     Event ID/Source: 1003 / Dhcp
     Event Description: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0011D807E548. Il s'est produit l'erreur suivante : %%121. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).

     Event Record #/Type38142 / Error
     Event Submitted/Written: 06/07/2008 01:12:01 PM
     Event ID/Source: 7026 / Service Control Manager
     Event Description: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : AFD AmdK7 avgio avipbb DumaNT Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

     Event Record #/Type38141 / Error
     Event Submitted/Written: 06/07/2008 01:12:01 PM
     Event ID/Source: 7001 / Service Control Manager
     Event Description: Le service Apple Mobile Device dépend du service Pilote du protocole TCP/IP qui n'a pas pu démarrer en raison de l'erreur : %%31

     -- End of Deckard's System Scanner: finished at 2008-06-07 21:09:15 ------------
  3. A thousand apologies, I hadn't sent the new HijackThis log along with the "report.txt" report (above); here it is, below: (and I can't find in it the "F2-REG:system.ini...(etc)" line that is to be removed with "fix checked"... so I haven't touched anything until I know more)

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 13:44:20, on 07/06/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     I:\WINDOWS\System32\smss.exe
     I:\WINDOWS\system32\winlogon.exe
     I:\WINDOWS\system32\services.exe
     I:\WINDOWS\system32\lsass.exe
     I:\WINDOWS\system32\svchost.exe
     I:\WINDOWS\System32\svchost.exe
     I:\WINDOWS\system32\spoolsv.exe
     I:\WINDOWS\Explorer.EXE
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     I:\WINDOWS\system32\RioMSC.exe
     I:\Program Files\SPAMfighter\sfus.exe
     I:\WINDOWS\system32\svchost.exe
     I:\WINDOWS\system32\wscntfy.exe
     I:\WINDOWS\system32\notepad.exe
     I:\WINDOWS\system32\RunDll32.exe
     I:\WINDOWS\system32\LVCOMSX.EXE
     I:\Program Files\Logitech\Video\LogiTray.exe
     I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
     I:\Program Files\iTunes\iTunesHelper.exe
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     I:\Program Files\SPAMfighter\SFAgent.exe
     I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     I:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
     I:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
     I:\Program Files\WinZip\WZQKPICK.EXE
     I:\Program Files\Logitech\Video\FxSvr2.exe
     I:\Program Files\iPod\bin\iPodService.exe
     I:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Reloaded Lite V2
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O4 - HKLM\..\Run: [Vistadrv] I:\WINDOWS\system32\Vistadrive\vsdrv.exe
     O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [LVCOMSX] I:\WINDOWS\system32\LVCOMSX.EXE
     O4 - HKLM\..\Run: [LogitechVideoRepair] I:\Program Files\Logitech\Video\ISStart.exe
     O4 - HKLM\..\Run: [LogitechVideoTray] I:\Program Files\Logitech\Video\LogiTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [sPAMfighter Agent] "I:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
     O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "I:\Program Files\Logitech\Video\ManifestEngine.exe" boot
     O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
     O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [WellPhone XT Sagem] "I:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
     O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
     O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: Picture Package Menu.lnk = ?
     O4 - Global Startup: Picture Package VCD Maker.lnk = ?
     O4 - Global Startup: WinZip Quick Pick.lnk = I:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Imprimer - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.shredder-scanner.com/setup/webinst.cab
     O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - I:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
     O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - I:\WINDOWS\system32\RioMSC.exe
     O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - I:\Program Files\SPAMfighter\sfus.exe
     O23 - Service: StarOpen - Avira GmbH - (no file)
     O23 - Service: UPnPService - Magix AG - I:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

     --
     End of file - 6593 bytes
  4. Thanks! So here is the new "report.txt" report, after running SDFIX:

     SDFix: Version 1.189
     Run by Administrateur on 07/06/2008 at 13:16

     Microsoft Windows XP [version 5.1.2600]
     Running From: I:\SDFix

     Checking Services :

     Restoring Windows Registry Values
     Restoring Windows Default Hosts File
     msconfig.exe restored from dllcache

     Rebooting

     Checking Files :

     Trojan Files Found:

     I:\WINDOWS\system32\OENMLBO.exe - Deleted
     I:\Documents and Settings\Administrateur\Local Settings\Temp\aax384.tmp.exe - Deleted
     I:\Documents and Settings\Administrateur\Local Settings\Temp\aaxA8.tmp.exe - Deleted
     I:\Documents and Settings\Administrateur\real.txt - Deleted
     I:\WINDOWS\system32\real.txt - Deleted

     Removing Temp Files

     ADS Check :

     Final Check :

     catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-06-07 13:23:39
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden services & system hive ...
     scanning hidden registry entries ...
     scanning hidden files ...

     scan completed successfully
     hidden processes: 0
     hidden services: 0
     hidden files: 0

     Remaining Services :

     Authorized Application Key Export:

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "I:\\Program Files\\MSN Messenger\\msnmsgr.exe"="I:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
     "I:\\Program Files\\MSN Messenger\\livecall.exe"="I:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
     "I:\\Program Files\\iTunes\\iTunes.exe"="I:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
     @=""
     "I:\\WINDOWS\\system32\\dpvsetup.exe"="I:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
     "I:\\WINDOWS\\system32\\rundll32.exe"="I:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
     "I:\\Program Files\\Skype\\Phone\\Skype.exe"="I:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "

     [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
     "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
     "I:\\Program Files\\MSN Messenger\\msnmsgr.exe"="I:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
     "I:\\Program Files\\MSN Messenger\\livecall.exe"="I:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

     Remaining Files :

     File Backups: - I:\SDFix\backups\backups.zip

     Files with Hidden Attributes :

     Mon 2 Jun 2008 24 A.SH. --- I:\WINDOWS\SA2B55~1.TMP
     Sun 7 Oct 2007 70,144 ..SHR --- I:\PROGRA~1\01-MP3~1\SETUP.EXE
     Tue 8 Mar 2005 16,384 A.SHR --- I:\PROGRA~1\01-MP3~1\_SETUP.DLL
     Wed 21 May 2008 0 A.SH. --- I:\DOCUME~1\ALLUSE~1\DRM\CACHE\INDIV01.TMP

     Finished!
  5. Thanks! Our messages crossed yesterday. I did all the operations with HijackThis (removal of quite a few useless toolbars); new log below:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 21:30:45, on 05/06/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     I:\WINDOWS\System32\smss.exe
     I:\WINDOWS\system32\winlogon.exe
     I:\WINDOWS\system32\services.exe
     I:\WINDOWS\system32\lsass.exe
     I:\WINDOWS\system32\svchost.exe
     I:\WINDOWS\System32\svchost.exe
     I:\WINDOWS\Explorer.EXE
     I:\WINDOWS\system32\spoolsv.exe
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     I:\WINDOWS\system32\RunDll32.exe
     I:\WINDOWS\system32\LVCOMSX.EXE
     I:\Program Files\Logitech\Video\LogiTray.exe
     I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
     I:\Program Files\iTunes\iTunesHelper.exe
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     I:\Program Files\SPAMfighter\SFAgent.exe
     I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     I:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
     I:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
     I:\Program Files\WinZip\WZQKPICK.EXE
     I:\Program Files\Logitech\Video\FxSvr2.exe
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     I:\WINDOWS\system32\RioMSC.exe
     I:\Program Files\SPAMfighter\sfus.exe
     I:\WINDOWS\system32\svchost.exe
     I:\Program Files\iPod\bin\iPodService.exe
     I:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Reloaded Lite V2
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     F2 - REG:system.ini: UserInit=I:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\oenmlbo.exe
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O4 - HKLM\..\Run: [Vistadrv] I:\WINDOWS\system32\Vistadrive\vsdrv.exe
     O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [LVCOMSX] I:\WINDOWS\system32\LVCOMSX.EXE
     O4 - HKLM\..\Run: [LogitechVideoRepair] I:\Program Files\Logitech\Video\ISStart.exe
     O4 - HKLM\..\Run: [LogitechVideoTray] I:\Program Files\Logitech\Video\LogiTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [au] I:\Program Files\Dealio\DealioAU.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [sPAMfighter Agent] "I:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
     O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "I:\Program Files\Logitech\Video\ManifestEngine.exe" boot
     O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
     O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [WellPhone XT Sagem] "I:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
     O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
     O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
     O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: Picture Package Menu.lnk = ?
     O4 - Global Startup: Picture Package VCD Maker.lnk = ?
     O4 - Global Startup: WinZip Quick Pick.lnk = I:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: Compare Prices with &Dealio - I:\Documents and Settings\Administrateur\Application Data\Dealio\kb124\res\DealioSearch.html
     O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Imprimer - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - I:\Program Files\Dealio\kb124\Dealio.dll (file missing)
     O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - I:\Program Files\Dealio\kb124\Dealio.dll (file missing)
     O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.shredder-scanner.com/setup/webinst.cab
     O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - I:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
     O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - I:\WINDOWS\system32\RioMSC.exe
     O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - I:\Program Files\SPAMfighter\sfus.exe
     O23 - Service: StarOpen - Avira GmbH - (no file)
     O23 - Service: UPnPService - Magix AG - I:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe

     --
     End of file - 7167 bytes
  6. Thanks.. here is what totalvirus tells me:

     Antivirus          Version         Dernière mise à jour  Résultat
     AhnLab-V3          2008.5.30.1     2008.06.04            -
     AntiVir            7.8.0.26        2008.06.04            -
     Authentium         5.1.0.4         2008.06.04            -
     Avast              4.8.1195.0      2008.06.04            -
     AVG                7.5.0.516       2008.06.04            -
     BitDefender        7.2             2008.06.04            -
     CAT-QuickHeal      9.50            2008.06.04            -
     ClamAV             0.92.1          2008.06.04            -
     DrWeb              4.44.0.09170    2008.06.04            -
     eSafe              7.0.15.0        2008.06.04            -
     eTrust-Vet         31.6.5847       2008.06.04            -
     Ewido              4.0             2008.06.04            -
     F-Prot             4.4.4.56        2008.06.04            -
     F-Secure           6.70.13260.0    2008.06.04            -
     Fortinet           3.14.0.0        2008.06.04            -
     GData              2.0.7306.1023   2008.06.04            -
     Ikarus             T3.1.1.26.0     2008.06.04            -
     Kaspersky          7.0.0.125       2008.06.04            -
     McAfee             5310            2008.06.04            -
     Microsoft          1.3604          2008.06.04            -
     NOD32v2            3158            2008.06.04            -
     Norman             5.80.02         2008.06.04            -
     Panda              9.0.0.4         2008.06.04            -
     Prevx1             V2              2008.06.04            -
     Rising             20.47.22.00     2008.06.04            -
     Sophos             4.30.0          2008.06.04            -
     Sunbelt            3.0.1144.1      2008.06.04            -
     Symantec           10              2008.06.04            -
     TheHacker          6.2.92.334      2008.06.04            -
     VBA32              3.12.6.7        2008.06.04            -
     VirusBuster        4.3.26:9        2008.06.04            -
     Webwasher-Gateway  6.6.2           2008.06.04            -

     Information additionnelle
     File size: 8805 bytes
     MD5...: 24c6be40a84fe58f50ed13d0cd34b418
     SHA1..: bc1e00054d8955d5d024ba06b08f799f1ca0da0b
     SHA256: ad6f031733f57872033cf94d2efcc6b89f5c70aa728f6f8dc82458655e43c6c4
     SHA512: ab110f3390300ef7b2807c8e9458175e8e5d84da0f9629027cec88f8904e54c9 a2ab35f4214dad879b600e31d097f2c8d100b268a619c60d8b22aeba83be5886
     PEiD..: -
     PEInfo: -

     It apparently found nothing. (?) Since I uninstalled avast, I no longer get any alert about the virus I mentioned at the start... On the other hand, I still have my blue screen problem, every single time, when I want to shut down the computer. Also, for what it's worth, here is the result of a scan I just ran with antivir:

     Avira AntiVir Personal
     Report file date: mercredi 4 juin 2008 22:05
     Scanning for 1308719 virus strains and unwanted programs.
     Licensed to: Avira AntiVir PersonalEdition Classic
     Serial number: 0000149996-ADJIE-0001
     Platform: Windows XP
     Windows version: (Service Pack 2) [5.1.2600]
     Boot mode: Normally booted
     Username: Administrateur
     Computer name: CRYSTALIZ

     Version information:
     BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
     AVSCAN.EXE : 8.1.2.12 311553 Bytes 14/04/2008 21:38:05
     AVSCAN.DLL : 8.1.1.0 53505 Bytes 14/04/2008 21:38:05
     LUKE.DLL : 8.1.2.9 151809 Bytes 14/04/2008 21:38:05
     LUKERES.DLL : 8.1.2.1 12033 Bytes 14/04/2008 21:38:05
     ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
     ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:24:52
     ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 21:16:44
     ANTIVIR3.VDF : 7.0.4.136 66560 Bytes 03/06/2008 21:11:05
     Engineversion : 8.1.0.51
     AEVDF.DLL : 8.1.0.5 102772 Bytes 14/04/2008 21:38:06
     AESCRIPT.DLL : 8.1.0.37 270715 Bytes 01/06/2008 21:16:55
     AESCN.DLL : 8.1.0.20 119157 Bytes 29/05/2008 16:09:52
     AERDL.DLL : 8.1.0.20 418165 Bytes 28/04/2008 10:05:34
     AEPACK.DLL : 8.1.1.5 364918 Bytes 15/05/2008 21:36:47
     AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18/04/2008 17:23:43
     AEHEUR.DLL : 8.1.0.29 1253750 Bytes 15/05/2008 21:36:46
     AEHELP.DLL : 8.1.0.15 115063 Bytes 29/05/2008 16:09:51
     AEGEN.DLL : 8.1.0.25 307573 Bytes 01/06/2008 21:16:52
     AEEMU.DLL : 8.1.0.6 430451 Bytes 12/05/2008 18:39:31
     AECORE.DLL : 8.1.0.30 168311 Bytes 29/05/2008 16:09:49
     AVWINLL.DLL : 1.0.0.7 14593 Bytes 14/04/2008 21:38:05
     AVPREF.DLL : 8.0.0.1 25857 Bytes 14/04/2008 21:38:05
     AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
     AVREG.DLL : 8.0.0.0 30977 Bytes 14/04/2008 21:38:05
     AVARKT.DLL : 1.0.0.23 307457 Bytes 14/04/2008 21:38:04
     AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 14/04/2008 21:38:04
     SQLITE3.DLL : 3.3.17.1 339968 Bytes 14/04/2008 21:38:05
     SMTPLIB.DLL : 1.2.0.19 28929 Bytes 14/04/2008 21:38:05
     NETNT.DLL : 8.0.0.1 7937 Bytes 14/04/2008 21:38:05
     RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 14/04/2008 21:38:01
     RCTEXT.DLL : 8.0.32.0 86273 Bytes 14/04/2008 21:38:01

     Configuration settings for the scan:
     Jobname..........................: Complete system scan
     Configuration file...............: i:\program files\avira\antivir personaledition classic\sysscan.avp
     Logging..........................: low
     Primary action...................: interactive
     Secondary action.................: ignore
     Scan master boot sector..........: off
     Scan boot sector.................: on
     Boot sectors.....................: I:, J:,
     Scan memory......................: on
     Process scan.....................: on
     Scan registry....................: on
     Search for rootkits..............: off
     Scan all files...................: Intelligent file selection
     Scan archives....................: on
     Recursion depth..................: 20
     Smart extensions.................: on
     Macro heuristic..................: on
     File heuristic...................: medium

     Start of the scan: mercredi 4 juin 2008 22:05

     The scan of running processes will be started
     Scan process 'avscan.exe' - '1' Module(s) have been scanned
     Scan process 'avcenter.exe' - '1' Module(s) have been scanned
     Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
     Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
     Scan process 'Residence.exe' - '1' Module(s) have been scanned
     Scan process 'SonyTray.exe' - '1' Module(s) have been scanned
     Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
     Scan process 'SFAgent.exe' - '1' Module(s) have been scanned
     Scan process 'avgnt.exe' - '1' Module(s) have been scanned
     Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
     Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
     Scan process 'jusched.exe' - '1' Module(s) have been scanned
     Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
     Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
     Scan process 'rundll32.exe' - '1' Module(s) have been scanned
     Scan process 'explorer.exe' - '1' Module(s) have been scanned
     Scan process 'avguard.exe' - '1' Module(s) have been scanned
     Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'svchost.exe' - '1' Module(s) have been scanned
     Scan process 'lsass.exe' - '1' Module(s) have been scanned
     Scan process 'savedump.exe' - '1' Module(s) have been scanned
     Scan process 'services.exe' - '1' Module(s) have been scanned
     Scan process 'winlogon.exe' - '1' Module(s) have been scanned
     Scan process 'csrss.exe' - '1' Module(s) have been scanned
     Scan process 'smss.exe' - '1' Module(s) have been scanned
     28 processes with 28 modules were scanned

     Start scanning boot sectors:
     Boot sector 'I:\'
     [iNFO] No virus was found!
     Boot sector 'J:\'
     [iNFO] No virus was found!

     Starting to scan the registry.
     The registry was scanned ( '36' files ).

     Starting the file scan:
     Begin scan in 'I:\'
     I:\pagefile.sys
     [WARNING] The file could not be opened!
     I:\WINDOWS\system32\oenmlbo.exe
     [WARNING] The file could not be opened!
     Begin scan in 'J:\'
     Search path J:\ could not be opened!
     Le volume ne contient pas de système de fichiers connu. Vérifiez si tous les pilotes de système de fichiers nécessaires sont chargés et si le volume n'est pas endommagé.

     End of the scan: mercredi 4 juin 2008 22:46
     Used time: 41:22 min

     The scan has been done completely.
     5940 Scanning directories
     201395 Files were scanned
     0 viruses and/or unwanted programs were found
     0 Files were classified as suspicious:
     0 files were deleted
     0 files were repaired
     0 files were moved to quarantine
     0 files were renamed
     2 Files cannot be scanned
     201395 Files not concerned
     2518 Archives were scanned
     2 Warnings
     0 Notes
  7. As the problems seem to be getting worse, I am taking the liberty of sending you the report (log) directly. If I should send it elsewhere, please tell me the right address. Thank you again. Here is the report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 16:00:03, on 04/06/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     I:\WINDOWS\System32\smss.exe
     I:\WINDOWS\system32\winlogon.exe
     I:\WINDOWS\system32\services.exe
     I:\WINDOWS\system32\lsass.exe
     I:\WINDOWS\system32\svchost.exe
     I:\WINDOWS\System32\svchost.exe
     I:\WINDOWS\Explorer.EXE
     I:\WINDOWS\system32\spoolsv.exe
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     I:\WINDOWS\system32\RunDll32.exe
     I:\WINDOWS\system32\LVCOMSX.EXE
     I:\Program Files\Logitech\Video\LogiTray.exe
     I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
     I:\Program Files\iTunes\iTunesHelper.exe
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     I:\Program Files\SPAMfighter\SFAgent.exe
     I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     I:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
     I:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
     I:\Program Files\WinZip\WZQKPICK.EXE
     I:\Program Files\Logitech\Video\FxSvr2.exe
     I:\Program Files\Internet Explorer\IEXPLORE.EXE
     I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     I:\WINDOWS\system32\RioMSC.exe
     I:\Program Files\SPAMfighter\sfus.exe
     I:\WINDOWS\system32\svchost.exe
     I:\WINDOWS\system32\msiexec.exe
     I:\Program Files\iPod\bin\iPodService.exe
     I:\WINDOWS\system32\wuauclt.exe
     I:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Reloaded Lite V2
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     F2 - REG:system.ini: UserInit=I:\WINDOWS\system32\userinit.exe,I:\WINDOWS\system32\oenmlbo.exe
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - I:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
     O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - I:\Program Files\Dealio\kb124\Dealio.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - I:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
     O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - I:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar1.dll
     O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - I:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
     O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - I:\Program Files\Burn4Free Toolbar\v3.3.0.0\Burn4Free_Toolbar.dll
     O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - I:\Program Files\Dealio\kb124\Dealio.dll
     O4 - HKLM\..\Run: [Vistadrv] I:\WINDOWS\system32\Vistadrive\vsdrv.exe
     O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [LVCOMSX] I:\WINDOWS\system32\LVCOMSX.EXE
     O4 - HKLM\..\Run: [LogitechVideoRepair] I:\Program Files\Logitech\Video\ISStart.exe
     O4 - HKLM\..\Run: [LogitechVideoTray] I:\Program Files\Logitech\Video\LogiTray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
     O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [au] I:\Program Files\Dealio\DealioAU.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avgnt] "I:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [sPAMfighter Agent] "I:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
     O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "I:\Program Files\Logitech\Video\ManifestEngine.exe" boot
     O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
     O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [WellPhone XT Sagem] "I:\Program Files\SmartCom\WellPhone XT Sagem\WellPhone2.exe" /background
     O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
     O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "I:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
     O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: Picture Package Menu.lnk = ?
     O4 - Global Startup: Picture Package VCD Maker.lnk = ?
     O4 - Global Startup: WinZip Quick Pick.lnk = I:\Program Files\WinZip\WZQKPICK.EXE
     O8 - Extra context menu item: Compare Prices with &Dealio - I:\Documents and Settings\Administrateur\Application Data\Dealio\kb124\res\DealioSearch.html
     O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Imprimer - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://I:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
     O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - I:\Program Files\Dealio\kb124\Dealio.dll
     O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - I:\Program Files\Dealio\kb124\Dealio.dll
     O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} (WebInstall Class) - http://xscanner.shredder-scanner.com/setup/webinst.cab
     O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega.DMFacade.Interface) - https://www.virginmega.fr/DownloadManager/R...rod/DownMan.cab
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - I:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - I:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - I:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
     O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - I:\WINDOWS\system32\RioMSC.exe
     O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - I:\Program Files\SPAMfighter\sfus.exe
     O23 - Service: StarOpen - Avira GmbH - (no file)
     O23 - Service: UPnPService - Magix AG - I:\Program Files\Fichiers communs\MAGIX Shared\UPnPService\UPnPService.exe
     -- End of file - 8804 bytes
  8. Thanks, I was able to run the scan in normal mode. What address should I post it to? Thanks!
  9. A thousand apologies, that message went out too soon... As I was saying: I uninstalled avast in safe mode, but I still get the same blue screen, and when I start the computer the icons take a very long time to display normally: at first almost all of them are shown as the little gears that often appear for ".exe" files. In short, the computer seems to "crawl"... Also, I downloaded hijackthis, which is now on the desktop. Can you tell me whether the hijackthis scan should be run in safe mode or "normally"? Thanks!
  10. Thanks. I uninstalled avast in safe mode, but I still get the same blue screen, and when I start the computer the icons take a very long time to display normally: at first almost all of them are shown as the little gears that often appear whe
  11. Hello, My PC is infected with the trojan TR/Crypt.XPACK.Gen (transmitted via MSN, which I have since uninstalled). My antivirus (Antivir) regularly reports this trojan but cannot eradicate it. The main nuisance is a blue screen that appears very often when I want to shut down the computer, and having to restart before I can shut down (and even then, that does not always work: sometimes I am forced to shut it down "brutally", which, apparently, is very bad for the computer...) I should mention that I downloaded Antivir recently, because the Avast antivirus (which I had installed before this virus, and which is still installed) is absolutely ineffective. If this message is not "filed" in the right category, please let me know and tell me which topic (which part of the forum?) I should put it in, because I have a lot of trouble finding my way around all these topics. Thanks, fracoutu
  12. Here is a hijack log in normal mode, and everything seems to be working correctly; I have had no more alert messages since the cleanup. Thank you so very much!... Fracoutu

     Logfile of HijackThis v1.99.1
     Scan saved at 00:12:49, on 30/11/2005
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Aide mémoire\TrayIcon.exe
     C:\Program Files\Aide mémoire\Aide mémoire.exe
     C:\Program Files\Aide mémoire\Aide mémoire.exe
     C:\Program Files\Aide mémoire\Aide mémoire.exe
     C:\Program Files\Aide mémoire\Aide mémoire.exe
     C:\Program Files\Aide mémoire\Aide mémoire.exe
     C:\Program Files\Aide mémoire\Aide mémoire.exe
     C:\Program Files\Aide mémoire\Aide mémoire.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\system32\RioMSC.exe
     C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\NOTEPAD.EXE
     C:\HijackThis\hijackthis\HijackThis.exe
     C:\WINDOWS\system32\NOTEPAD.EXE

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
     O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
     O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     O4 - HKLM\..\RunServices: [WksSVC] EXPLORER.exe
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
     O4 - Startup: Aide mémoire.lnk = ?
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
     O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
     O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
     O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
     O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
     O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
     O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
     O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
     O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
     O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://*.billingnow.com
     O15 - Trusted Zone: http://*.reliablestats.com
     O15 - Trusted Zone: http://*.winantispyware.com
     O15 - Trusted Zone: http://*.winantivirus.com
     O15 - Trusted Zone: http://*.winantiviruspro.com
     O15 - Trusted Zone: http://*.winfixer.com
     O15 - Trusted Zone: http://*.winnanny.com
     O15 - Trusted Zone: http://*.winsoftware.com
     O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{89F8DC23-DB2A-4AE6-BDD2-AC67D45AE701}: NameServer = 194.117.200.10,194.117.200.15
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     O23 - Service: RIO Mass Storage C (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  13. Hello again Jack, ...2nd report after cleaning...

     SmitFraudFix v2.00
     Rapport fait à 23:34:29,48 le 29/11/2005
     Executé à partir de C:\Documents and Settings\COUTURIER\Bureau\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600]
     »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
     »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
     »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
     »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
     Nettoyage terminé.
     »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
  14. Thanks, Jack! Here is the report after option 1

     SmitFraudFix v2.00
     Rapport fait à 23:21:55,95 le 29/11/2005
     Executé à partir de C:\Documents and Settings\COUTURIER\Bureau\SmitfraudFix\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600]
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
     C:\WINDOWS\system32\hp????.tmp PRESENT !
     C:\WINDOWS\system32\ld????.tmp PRESENT !
     C:\WINDOWS\system32\mscornet.exe PRESENT !
     C:\WINDOWS\system32\mssearchnet.exe PRESENT !
     C:\WINDOWS\system32\msvol.tlb PRESENT !
     C:\WINDOWS\system32\ncompat.tlb PRESENT !
     C:\WINDOWS\system32\nvctrl.exe PRESENT !
     C:\WINDOWS\system32\ot.ico PRESENT !
     C:\WINDOWS\system32\ts.ico PRESENT !
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\COUTURIER\Application Data
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files
     C:\Program Files\SpyAxe\ PRESENT!
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
     "Source"="http://nemossos.free.fr/images/Campagne.jpg"
     "SubscribedURL"="http://nemossos.free.fr/images/Campagne.jpg"
     "FriendlyName"=""
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
     "Source"="http://nemossos.free.fr/images/Chutes.jpg"
     "SubscribedURL"="http://nemossos.free.fr/images/Chutes.jpg"
     "FriendlyName"=""
     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
     "Source"="http://www.cfht.hawaii.edu/News/Lensing/Images/Sideshear_icon.jpg"
     "SubscribedURL"="http://www.cfht.hawaii.edu/News/Lensing/Images/Sideshear_icon.jpg"
     "FriendlyName"=""
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
     "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
     "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
     "{1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}"="st3"
     »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
     »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
  15. Hello, --- moderated by ipl_001: Jack_Burton has created a thread for you -> http://forum.zebulon.fr/index.php?showtopic=80854 As my PC is infected by a virus (or a trojan, apparently), I applied the "Pre-cleaning" method proposed by mégataupe (antivir in safe mode, hijackthis likewise, etc.). Below is the hijackthis log, which I am submitting to you for analysis. If this is not the right forum, please let me know and tell me where I can send this report. Thanks