zobway

Everything posted by zobway

  1. Hello, since this morning I have been trying to share my internet connection over Wi-Fi between my 2 laptops. I have a cable modem from a Belgian operator (VOO), a D-Link DSL G624T router and 2 Wi-Fi laptops. My problem is the following: I managed to connect the modem (cable TV) to my router with the RJ45 cable on one of the router's 4 LAN ports. I pick up the network on my first laptop and I have internet access. I also managed to pick up the wireless network on my laptop 2, but I cannot get internet access. I suppose it is an IP problem, but I can't work it out. Can anyone help me? Thanks.
  2. OK, problem solved, I found the switch. Thanks all the same.
  3. Hello, thanks for trying to help me. Yes, that is what I thought: the wireless switch needs to be turned back on, but I don't know where it is. My laptop is a Compal EL 81 15". There is indeed a network icon on the F2 key, to be activated with the FN function, but that doesn't work.
  4. Hello, I have a problem with my laptop: since today the wireless function seems to be disabled, and I get a message saying "wireless swith disabled, please turn on the wireless switch". Can anyone tell me what to do? Many thanks.
  5. Oops, I forgot to post the HijackThis log for you, here it is:
  6. Hello Charles, it is much better indeed; I deleted the command lines as you told me to. Only the line: O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe no longer existed; I think I deleted it when I ran the AntiVir scan earlier. Everything runs fine from now on. In any case, TotalScan finds no virus/malware on my PC. 1/ Just one thing worries me: when I ran AntiVir, the log still reports a few problems; here is the report: 2/ Here is a HijackThis log so that you can check the situation: Thanks again, champ.
  7. Hello Charles, there, I followed your instructions to the letter; here are the various reports: 1/ ComboFix: 2/ HijackThis: What should I do now? Thanks for your help.
  8. ------------------ Thanks for helping me, here is the HijackThis report:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 22:58:25, on 26/11/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     C:\Program Files\Alwil Software\Avast4\ashServ.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
     C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\VTTimer.exe
     C:\WINDOWS\system32\RunDll32.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Google\Google Updater\GoogleUpdater.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
     C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\MSN Messenger\usnsvc.exe
     C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - (no file)
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {69DF15DA-A165-4B14-8D60-2F298A239141} - (no file)
     O2 - BHO: (no name) - {7653D5DE-9C1B-44F6-948E-250FA4749A77} - (no file)
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\mhsawyav.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
     O2 - BHO: (no name) - {e5f2b371-43da-4d76-8ace-23176e3e06f3} - (no file)
     O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\mhsawyav.dll
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
     O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [DJ Console Mk2] C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe -hide
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
     O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: BlueSoleil.lnk = ?
     O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eldarionankalima.spaces.live.com//P...ad/MsnPUpld.cab
     O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
     O20 - Winlogon Notify: mhsawyav - C:\WINDOWS\SYSTEM32\mhsawyav.dll
     O20 - Winlogon Notify: mljiiff - C:\WINDOWS\
     O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
     O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     -- End of file - 7580 bytes
  9. Hello, I saw that a user of this forum had the same virus: two files (Online Security Guide and Live Safety Center) that appeared in my Start menu, and a yellow triangle telling me that my PC is infected by a PSW trojan. I removed avast and installed AntiVir, but its guard blocks me at every startup, so I disable the guard. It seems to me that I am infected by Virtumonde, but HijackThis and VundoFix no longer find it. I ran ComboFix, here is the report: CAN YOU HELP ME??? I AM AT THE END OF MY ROPE. THANK YOU
     ComboFix 07-11-19.4 - Bruxelles 2007-11-26 21:10:49.1 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.97 [GMT 1:00]
     Running from: C:\Documents and Settings\Bruxelles\Bureau\ComboFix.exe
     * Created a new restore point
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
     C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
     C:\Documents and Settings\Bruxelles\Bureau\Live Safety Center.lnk
     C:\Documents and Settings\Bruxelles\Bureau\Online Security Guide.lnk
     C:\Documents and Settings\Bruxelles\Favoris\Online Security Guide.lnk
     C:\Program Files\Insider
     C:\Program Files\Insider\Insider.exe
     C:\Program Files\WinAble
     C:\WINDOWS\b147.exe
     C:\WINDOWS\system32\ehhkj.ini
     C:\WINDOWS\system32\ehhkj.ini2
     C:\WINDOWS\system32\jkhhe.dll
     C:\WINDOWS\system32\mhsawyav.dllbox
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\LEGACY_DOMAINSERVICE
     -------\DomainService
     ((((((((((((((((((((((((((((( Fichiers créés 2007-10-26 to 2007-11-26 ))))))))))))))))))))))))))))))))))))
     .
     2007-11-26 21:18 414 ---hs---- C:\WINDOWS\system32\mhsawyav.dllbox
     2007-11-26 20:26 <REP> d-------- C:\WINDOWS\system32\LogFiles
     2007-11-26 20:26 71,232 --a------ C:\WINDOWS\system32\ejtygpot.exe
     2007-11-26 20:20 15 --a------ C:\WINDOWS\system32\64971ed2
     2007-11-26 16:23 145,984 --a------ C:\WINDOWS\system32\mhsawyav.dll
     2007-11-25 16:29 294 ---hs---- C:\WINDOWS\system32\emwmdijv.ini
     2007-11-25 15:33 <REP> d-------- C:\Program Files\Avira
     2007-11-25 15:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
     2007-11-25 15:24 774 ---hs---- C:\WINDOWS\system32\riyhiygq.ini
     2007-11-24 00:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
     2007-11-24 00:36 75,248 --a------ C:\WINDOWS\zllsputility.exe
     2007-11-24 00:36 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
     2007-11-24 00:36 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
     2007-11-24 00:36 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
     2007-11-24 00:36 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
     2007-11-24 00:35 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
     2007-11-24 00:34 <REP> d-------- C:\WINDOWS\Internet Logs
     2007-11-24 00:34 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
     2007-11-23 13:03 654 ---hs---- C:\WINDOWS\system32\rpptaiao.ini
     2007-11-23 12:59 143 --a------ C:\WINDOWS\system32\mcrh.tmp
     2007-11-23 00:42 <REP> d-------- C:\Program Files\SpywareBlaster
     2007-11-22 23:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2007-11-22 15:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
     2007-11-22 15:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
     2007-11-22 15:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
     2007-11-22 15:29 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
     2007-11-22 15:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
     2007-11-22 15:29 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
     2007-11-22 15:29 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
     2007-11-22 12:12 <REP> d-------- C:\VundoFix Backups
     2007-11-22 11:18 <REP> d-------- C:\Program Files\Trend Micro
     2007-11-22 11:05 <REP> d-------- C:\Program Files\Panda Security
     2007-11-22 10:36 719,452 ---hs---- C:\WINDOWS\system32\vhtuqjbi.ini
     2007-11-12 09:17 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
     2007-11-12 09:17 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
     2007-11-12 09:17 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
     2007-11-12 09:17 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
     2007-11-12 09:17 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
     2007-11-12 09:17 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
     2007-11-12 09:17 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
     2007-11-12 09:17 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
     2007-11-11 20:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lchinese
     2007-11-04 00:01 <REP> d-------- C:\WINDOWS\Sun
     2007-10-31 14:31 <REP> d-------- C:\Documents and Settings\Bruxelles\Application Data\Apple Computer
     2007-10-31 14:26 <REP> d-------- C:\Program Files\Apple Software Update
     2007-10-31 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
     2007-10-31 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
     2007-10-30 08:36 <REP> d-------- C:\Program Files\Mozilla Sunbird
     2007-10-30 08:36 <REP> d-------- C:\Documents and Settings\Bruxelles\Application Data\Talkback
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2007-11-26 20:19 6,776,864 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
     2007-11-26 20:18 --------- d-----w C:\Documents and Settings\Bruxelles\Application Data\Skype
     2007-11-26 19:17 81,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
     2007-11-26 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
     2007-11-26 15:19 --------- d-----w C:\Documents and Settings\Bruxelles\Application Data\uTorrent
     2007-11-23 23:36 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
     2007-11-23 23:36 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
     2007-11-11 19:07 33,824 ----a-w C:\WINDOWS\system32\drivers\oreans32.sys
     2007-10-31 13:28 --------- d-----w C:\Program Files\QuickTime
     2007-10-19 22:22 --------- d-----w C:\Program Files\K-Lite Codec Pack
     2007-10-08 19:04 --------- d-----w C:\Program Files\Google
     2007-10-08 12:44 --------- d-----w C:\Program Files\Media Player Classic
     2007-10-08 12:26 --------- d-----w C:\Documents and Settings\Bruxelles\Application Data\Media Player Classic
     2007-09-29 11:17 --------- d-----w C:\Program Files\MSN Messenger
     2007-09-04 16:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
     2005-05-11 22:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
     2001-11-23 04:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
     .
     ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A54500A-65FE-4F4A-B860-20EAE2F577F9}]
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69DF15DA-A165-4B14-8D60-2F298A239141}]
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7653D5DE-9C1B-44F6-948E-250FA4749A77}]
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
     2007-11-26 20:00 145984 --a------ C:\WINDOWS\system32\mhsawyav.dll
     [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e5f2b371-43da-4d76-8ace-23176e3e06f3}]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\mhsawyav.dll [2007-11-26 20:00 145984]
     [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09]
     "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-22 16:10]
     "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" []
     "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-03 17:37]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
     "VTTimer"="VTTimer.exe" [2004-01-15 13:33 C:\WINDOWS\system32\VTTimer.exe]
     "Cmaudio"="RunDll32 cmicnfg.cpl" []
     "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2005-03-08 05:42]
     "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
     "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 C:\WINDOWS\system32\bthprops.cpl]
     "DJ Console Mk2"="C:\Program Files\Hercules\Audio\DJ Console Series\MK2\HDJ2CPL.exe" [2005-11-14 10:40]
     "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
     "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
     "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-25 15:36]
     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09]
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mhsawyav]
     mhsawyav.dll 2007-11-26 20:00 145984 C:\WINDOWS\system32\mhsawyav.dll
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljiiff]
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhhe.dll
     R1 oreans32;oreans32;\??\C:\WINDOWS\system32\drivers\oreans32.sys
     S3 Bulk;HDJBulk;C:\WINDOWS\system32\Drivers\HDJBulk.sys
     S3 HDJAsioK;HDJAsioK;C:\WINDOWS\system32\Drivers\HDJAsioK.sys
     S3 HDJMidi;Hercules DJ Console MIDI;C:\WINDOWS\system32\DRIVERS\HDJMidi.sys
     .
     Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
     "2007-11-23 21:10:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     .
     **************************************************************************
     catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2007-11-26 21:19:08
     Windows 5.1.2600 Service Pack 2 NTFS
     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0
     **************************************************************************
     .
     Completion time: 2007-11-26 21:21:06 - machine was rebooted
     .
     --- E O F ---