Aller au contenu

Franckh

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    1

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Franckh

  1. Franckh
    Hello à tous, Avant d'envoyer ce message j'ai utilisé tous les outils indiqués dans les messages précédent (CCleaner, AVG Spyware, Kapersky Antivirus, etc.) Rien n'y fait !!! Même en mode sans echec l'icone de Virus Protect Pro apparait en bas à gauche. J'en perd mon latin. Merci à vous pour votre aide. Voici les rapports : PROCESS XP Process PID CPU Description Company Name System Idle Process 0 98.44 Interrupts n/a 1.56 Hardware Interrupts DPCs n/a Deferred Procedure Calls System 4 smss.exe 484 Gestionnaire de session Windows NT Microsoft Corporation csrss.exe 564 Client Server Runtime Process Microsoft Corporation winlogon.exe 588 Application d'ouverture de session Windows NT Microsoft Corporation services.exe 632 Applications Services et Contrôleur Microsoft Corporation svchost.exe 972 Generic Host Process for Win32 Services Microsoft Corporation IMApp.exe 2328 IncrediMail Application IncrediMail, Ltd. svchost.exe 1264 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1300 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1336 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1508 Generic Host Process for Win32 Services Microsoft Corporation svchost.exe 1680 Generic Host Process for Win32 Services Microsoft Corporation spoolsv.exe 2016 Spooler SubSystem App Microsoft Corporation guard.exe 220 AVG Anti-Spyware guard GRISOFT s.r.o. avp.exe 228 Kaspersky Anti-Virus Kaspersky Lab BTNtService.exe 248 nvsvc32.exe 372 NVIDIA Driver Helper Service, Version 162.18 NVIDIA Corporation svchost.exe 528 Generic Host Process for Win32 Services Microsoft Corporation alg.exe 452 Application Layer Gateway Service Microsoft Corporation lsass.exe 644 LSA Shell (Export Version) Microsoft Corporation explorer.exe 1468 Explorateur Windows Microsoft Corporation avp.exe 768 Kaspersky Anti-Virus Kaspersky Lab cdvgbcl.exe 864 SOUNDMAN.EXE 1852 Realtek Sound Manager Realtek Semiconductor Corp. rundll32.exe 1548 Exécuter une DLL en tant qu'application Microsoft Corporation avgas.exe 636 AVG Anti-Spyware GRISOFT s.r.o. ctfmon.exe 2060 CTF Loader Microsoft Corporation msmsgs.exe 2116 Windows Messenger Microsoft Corporation msnmsgr.exe 2184 MSN Messenger Microsoft Corporation Skype.exe 2592 Skype. The whole world can talk for free. Skype Technologies S.A. BlueSoleil.exe 2612 Bluetooth Application IVT Corporation procexp.exe 404 Sysinternals Process Explorer Sysinternals BLACKLIGHT 08/05/07 12:20:56 [info]: BlackLight Engine 1.0.64 initialized 08/05/07 12:20:56 [info]: OS: 5.1 build 2600 (Service Pack 2) 08/05/07 12:20:56 [Note]: 7019 4 08/05/07 12:20:56 [Note]: 7005 0 08/05/07 12:21:07 [Note]: 7006 0 08/05/07 12:21:07 [Note]: 7011 1468 08/05/07 12:21:07 [Note]: 7026 0 08/05/07 12:21:07 [Note]: 7026 0 08/05/07 12:21:08 [Note]: FSRAW library version 1.7.1022 08/05/07 12:22:05 [Note]: 2000 1012 08/05/07 12:22:24 [Note]: 7007 0 HIJACKTHIS Logfile of HijackThis v1.99.1 Scan saved at 12:07:21, on 05/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\windows\system32\cdvgbcl.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Outils\Vundo.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {000E0C36-4404-2A73-2549-B9DF3B64FB27} - keybdll.dll (file missing) O1 - Hosts: localhost 127.0.0.1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {34E6F97C-34E0-4CE5-B92B-F83634BEDC01} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [cdvgbcl] c:\windows\system32\cdvgbcl.exe cdvgbcl O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [XTermInit] sbin.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe SMITFRAUDFIX Rapport fait à 12:20:00,31, 05/08/2007 Executé à partir de C:\Outils\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\windows\system32\cdvgbcl.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{bd2948f8-c949-464f-824a-6272608c739e}"="criticalness" [HKEY_CLASSES_ROOT\CLSID\{bd2948f8-c949-464f-824a-6272608c739e}\InProcServer32] @="C:\WINDOWS\system32\vjxwnn.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{bd2948f8-c949-464f-824a-6272608c739e}\InProcServer32] @="C:\WINDOWS\system32\vjxwnn.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: SiS190 100/10 Ethernet Device - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 Description: NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 DNS Server Search Order: 0.0.0.0 HKLM\SYSTEM\CCS\Services\Tcpip\..\{38DC14EF-1E90-46FB-9686-164CF58AF631}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CCS\Services\Tcpip\..\{ADB7B822-FDFF-4EE2-8239-19A22A2541C7}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{38DC14EF-1E90-46FB-9686-164CF58AF631}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS1\Services\Tcpip\..\{ADB7B822-FDFF-4EE2-8239-19A22A2541C7}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{ADB7B822-FDFF-4EE2-8239-19A22A2541C7}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin MERCI ENCORE DE VOTRE AIDE
×
×
  • Créer...