
Posted
Hi again,

Download Deckard's System Scanner http://deckard.geekstogo.com/dss.exe to your desktop.

Close all running applications.

Double-click dss.exe. Two messages will appear on screen; click OK for both.

Be patient, the scan can take a long time.

At the end, you will get another message saying that Notepad is about to open; click OK, then copy and paste all of its contents.

 

Here it is

Deckard's System Scanner v20070411.38

Run by Zaberic on 2007-04-20 at 22:53:28

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

18: 2007-04-20 05:45:57 UTC - RP81 - Windows Update

17: 2007-04-19 00:14:23 UTC - RP80 - Windows Update

16: 2007-04-18 19:02:56 UTC - RP79 - Point de contrôle planifié

15: 2007-04-16 18:54:39 UTC - RP78 - Point de contrôle planifié

14: 2007-04-15 13:11:42 UTC - RP77 - Sauvegarde Windows

 

 

-- First Restore Point --

1: 2007-03-30 20:09:17 UTC - RP64 - Windows Update

 

 

Backed up registry hives.

 

Performed disk cleanup.

 

 

-- HijackThis (run as Zaberic.exe) ---------------------------------------------

 

Logfile of HijackThis v1.99.1

Scan saved at 22:54:47, on 20/04/2007

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16386)

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Users\Zaberic\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\PROGRA~1\HIJACK~1\Zaberic.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2f835fc1-a792-4169-a5b6-a4fca52b031f} - C:\Windows\system32\llturs.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {00000005-0000-0000-0000-100005000004} - https://secure.widebill.com/l/cbb9459282aa8...59485337_35.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: llturs - C:\Windows\SYSTEM32\llturs.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

 

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R0 SI3132 (SiI-3132 SATALink Controller) - c:\windows\system32\drivers\si3132.sys

R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys

R0 SiRemFil (SATALink External Device Filter) - c:\windows\system32\drivers\siremfil.sys

R2 aswMonFlt - c:\windows\system32\drivers\aswmonflt.sys

R2 EIO - \??\c:\windows\system32\drivers\eio.sys

R3 APL531 (Hercules Dualpix HD Webcam) - c:\windows\system32\drivers\hdvid.sys

R3 camfilt - c:\windows\system32\drivers\camfilt.sys

R3 MTsensor (ATK0110 ACPI UTILITY) - c:\windows\system32\drivers\asacpi.sys

R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys

R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys

R3 SIS163u (SiS163 usb Wireless LAN Adapter Driver) - c:\windows\system32\drivers\sis163u.sys

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe"

R3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe"

 

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-04-19 22:46:18 426 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{2E4D2199-C174-4089-A66D-AF8AB7D63FC5}.job<USER_F~1.JOB>

 

 

-- Files created between 2007-03-20 and 2007-04-20 -----------------------------

 

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-04-20 22:52:59 0 d-------- C:\Users\Zaberic\AppData\Roaming\OpenOffice.org2<OPENOF~1.ORG>

2007-04-20 12:49:28 699984 --a------ C:\Windows\system32\perfh00C.dat

2007-04-20 12:49:28 121814 --a------ C:\Windows\system32\perfc00C.dat

2007-04-19 02:47:47 0 d-------- C:\Program Files\MyBuy

2007-04-14 09:42:43 90112 --a------ C:\Windows\system32\AVASTSS.scr

2007-04-12 13:20:04 0 d-------- C:\Program Files\Windows Defender<WINDOW~3>

2007-04-12 13:14:54 376320 --a------ C:\Windows\system32\winsrv.dll

2007-04-12 13:14:54 49664 --a------ C:\Windows\system32\csrsrv.dll

2007-04-12 13:14:32 0 d-------- C:\Program Files\Windows Mail<WINDOW~1>

2007-04-10 20:23:23 0 d-------- C:\Program Files\IncrediMail<INCRED~1>

2007-04-10 13:18:32 712832 --a------ C:\Windows\system32\aswBoot.exe

2007-04-10 12:55:15 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>

2007-04-09 10:24:18 0 d-------- C:\Program Files\Microsoft Games<MICROS~1>

2007-04-08 13:47:00 0 d-------- C:\Users\Zaberic\AppData\Roaming\Ahead

2007-04-05 14:16:37 0 d-------- C:\Users\Zaberic\AppData\Roaming\Vso

2007-04-04 10:41:07 0 d-------- C:\Users\Zaberic\AppData\Roaming\Adobe

2007-04-04 10:37:22 0 d-------- C:\Program Files\Common Files\Adobe

2007-04-04 10:27:11 2026496 --a------ C:\Windows\system32\win32k.sys

2007-04-04 10:27:11 633856 --a------ C:\Windows\system32\user32.dll

2007-04-01 10:50:39 0 d-------- C:\Program Files\i-Covers

2007-03-31 01:07:53 0 d-------- C:\Users\Zaberic\AppData\Roaming\Command & Conquer 3 Les guerres du Tiberium<COMMAN~2>

2007-03-31 01:06:53 108144 --a------ C:\Windows\system32\CmdLineExt.dll<CMDLIN~1.DLL>

2007-03-31 01:00:35 0 dr-h----- C:\Users\Zaberic\AppData\Roaming\SecuROM

2007-03-31 00:22:02 0 d-------- C:\Program Files\Electronic Arts<ELECTR~1>

2007-03-31 00:19:55 0 d-------- C:\Program Files\Common Files\EasyInfo

2007-03-22 20:48:17 0 d-------- C:\Program Files\ASUS

2007-03-18 20:18:04 0 d-------- C:\Users\Zaberic\AppData\Roaming\Command & Conquer 3 Tiberium Wars Demo<COMMAN~1>

2007-03-18 11:45:41 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>

2007-03-16 23:46:40 0 d---s---- C:\Users\Zaberic\AppData\Roaming\Microsoft<MICROS~1>

2007-03-15 19:53:02 0 d-------- C:\Program Files\Common Files\SWF Studio<SWFSTU~1>

2007-03-15 08:07:57 414208 --a------ C:\Windows\system32\msscp.dll

2007-03-15 08:07:41 4153344 --a------ C:\Windows\system32\GameUXLegacyGDFs.dll

2007-03-15 08:07:40 1686016 --a------ C:\Windows\system32\gameux.dll

2007-03-11 20:33:22 0 d-------- C:\Program Files\DVD Shrink<DVDSHR~1>

2007-03-11 18:20:41 0 d-------- C:\Users\Zaberic\AppData\Roaming\CyberLink<CYBERL~1>

2007-03-11 18:14:44 0 d-------- C:\Program Files\CyberLink<CYBERL~1>

2007-03-11 15:06:07 0 d-------- C:\Program Files\Common Files\Ahead

2007-03-11 14:36:47 19221 --a------ C:\Windows\system32\llturs.dll

2007-03-11 11:36:29 34 --a------ C:\Users\Zaberic\AppData\Roaming\pcouffin.log

2007-03-11 11:36:03 47360 --a------ C:\Users\Zaberic\AppData\Roaming\pcouffin.sys

2007-03-11 11:36:03 1144 --a------ C:\Users\Zaberic\AppData\Roaming\pcouffin.inf

2007-03-11 11:36:03 1074 --a------ C:\Users\Zaberic\AppData\Roaming\pcouffin.cat

2007-03-11 11:36:03 87608 --a------ C:\Users\Zaberic\AppData\Roaming\ezpinst.exe

2007-03-11 11:36:00 0 d-------- C:\Program Files\vso

2007-03-11 00:06:39 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>

2007-03-10 23:37:23 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>

2007-03-10 21:07:29 0 d-------- C:\Users\Zaberic\AppData\Roaming\Canon

2007-03-10 21:07:17 0 d-------- C:\Users\Zaberic\AppData\Roaming\ArcSoft

2007-03-10 21:06:26 0 d-------- C:\Program Files\ArcSoft

2007-03-10 21:05:42 0 d-------- C:\Users\Zaberic\AppData\Roaming\ScanSoft

2007-03-10 21:04:58 0 d-------- C:\Program Files\ScanSoft

2007-03-10 13:59:30 0 d-------- C:\Program Files\OpenOffice.org 2.1<OPENOF~1.1>

2007-03-10 12:45:31 0 d-------- C:\Program Files\Nero

2007-03-10 01:50:26 0 d-------- C:\Program Files\eMule

2007-03-10 01:31:43 0 d-------- C:\Program Files\Prolific Publishing, Inc<PROLIF~1>

2007-03-10 01:26:07 0 d-------- C:\Program Files\SereneScreen<SERENE~1>

2007-03-10 00:54:55 0 d-------- C:\Program Files\BitLocker<BITLOC~1>

2007-03-10 00:54:36 1171848 --a------ C:\Windows\system32\SecureKeyBackupCPL.dll

2007-03-10 00:45:02 229888 --a------ C:\Windows\system32\msshsq.dll

2007-03-10 00:17:48 0 d-------- C:\Users\Zaberic\AppData\Roaming\vlc

2007-03-10 00:16:07 0 d-------- C:\Program Files\VideoLAN

2007-03-10 00:04:00 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>

2007-03-09 23:46:18 0 d-------- C:\Users\Zaberic\AppData\Roaming\InstallShield<INSTAL~1>

2007-03-09 23:41:54 0 d-------- C:\Users\Zaberic\AppData\Roaming\Macromedia<MACROM~1>

2007-03-09 23:31:23 104448 --a------ C:\Windows\system32\DWWIN.EXE

2007-03-09 23:29:37 974336 --a------ C:\Windows\system32\crypt32.dll

2007-03-09 23:22:43 26340 --a------ C:\Users\Zaberic\AppData\Roaming\UserTile.png

2007-03-09 23:22:43 0 d-------- C:\Users\Zaberic\AppData\Roaming\PeerNetworking<PEERNE~1>

2007-03-09 21:35:48 0 d-------- C:\Users\Zaberic\AppData\Roaming\Identities<IDENTI~1>

2007-03-09 21:33:52 0 d-------- C:\Program Files\Windows NT<WINDOW~2>

2007-03-09 21:33:52 0 d--hs---- C:\Program Files\Fichiers communs<FICHIE~1>

2007-02-10 11:48:00 2379776 --a------ C:\Windows\system32\nvwssr.dll

2007-02-10 11:48:00 2113536 --a------ C:\Windows\system32\nvwss.dll

2007-02-10 11:48:00 1450496 --a------ C:\Windows\system32\nvwgf2um.dll

2007-02-10 11:48:00 3620864 --a------ C:\Windows\system32\nvvitvsr.dll

2007-02-10 11:48:00 3391488 --a------ C:\Windows\system32\nvvitvs.dll

2007-02-10 11:48:00 356352 --a------ C:\Windows\system32\nvuninst.exe

2007-02-10 11:48:00 356352 --a------ C:\Windows\system32\nvudisp.exe

2007-02-10 11:48:00 90192 --a------ C:\Windows\system32\nvsvc.dll

2007-02-10 11:48:00 6828032 --a------ C:\Windows\system32\nvoglv32.dll

2007-02-10 11:48:00 2854912 --a------ C:\Windows\system32\nvmoblsr.dll

2007-02-10 11:48:00 958464 --a------ C:\Windows\system32\nvmobls.dll

2007-02-10 11:48:00 81920 --a------ C:\Windows\system32\nvmctray.dll

2007-02-10 11:48:00 458752 --a------ C:\Windows\system32\nvmccssr.dll

2007-02-10 11:48:00 188416 --a------ C:\Windows\system32\nvmccss.dll

2007-02-10 11:48:00 45056 --a------ C:\Windows\system32\nvmccsrs.dll

2007-02-10 11:48:00 229376 --a------ C:\Windows\system32\nvmccs.dll

2007-02-10 11:48:00 3235840 --a------ C:\Windows\system32\nvgamesr.dll

2007-02-10 11:48:00 3153920 --a------ C:\Windows\system32\nvgames.dll

2007-02-10 11:48:00 307200 --a------ C:\Windows\system32\nvexpbar.dll

2007-02-10 11:48:00 5246976 --a------ C:\Windows\system32\nvdispsr.dll

2007-02-10 11:48:00 5709824 --a------ C:\Windows\system32\nvdisps.dll

2007-02-10 11:48:00 4644864 --a------ C:\Windows\system32\nvd3dum.dll

2007-02-10 11:48:00 1069056 --a------ C:\Windows\system32\nvcpluir.dll

2007-02-10 11:48:00 815104 --a------ C:\Windows\system32\nvcplui.exe

2007-02-10 11:48:00 8429568 --a------ C:\Windows\system32\nvcpl.dll

2007-02-10 11:48:00 143360 --a------ C:\Windows\system32\nvcolor.exe

2007-02-10 11:48:00 327680 --a------ C:\Windows\system32\nvapi.dll

2007-02-10 11:48:00 521128 --a------ C:\Windows\system32\dpinst.exe

 

 

-- Registry Dump ---------------------------------------------------------------

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

"IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

"ehTray.exe"="C:\\Windows\\ehome\\ehTray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\

6e,64,6f,77,73,20,44,65,66,65,6e,64,65,72,5c,4d,53,41,53,43,75,69,2e,65,78,\

65,20,2d,68,69,64,65,00

"NvSvc"="RUNDLL32.EXE C:\\Windows\\system32\\nvsvc.dll,nvsvcStart"

"NvCplDaemon"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"

"NvMediaCenter"="RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit"

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""

"LanguageShortcut"="\"C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe\""

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=dword:00000002

"ConsentPromptBehaviorUser"=dword:00000001

"EnableInstallerDetection"=dword:00000001

"EnableLUA"=dword:00000001

"EnableSecureUIAPaths"=dword:00000001

"EnableVirtualization"=dword:00000001

"PromptOnSecureDesktop"=dword:00000001

"ValidateAdminCodeSignatures"=dword:00000000

"scforceoption"=dword:00000000

"FilterAdministratorToken"=dword:00000000

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]

"CF_TEXT"=dword:00000001

"CF_BITMAP"=dword:00000002

"CF_OEMTEXT"=dword:00000007

"CF_DIB"=dword:00000008

"CF_PALETTE"=dword:00000009

"CF_UNICODETEXT"=dword:0000000d

"CF_DIBV5"=dword:00000011

 

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\llturs

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"="credssp.dll"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ nsilltdsvcSSDPSRVupnphostSCardSvrw32timeEventSystemRemoteRegistryWinHttpAutoProxySvclanmanworkstationTBSSLUINotifyTHREADORDERfdrespubnetprofmfdphostwcncsvcQWAVEMcx2SvcWebClient\

LocalSystemNetworkRestricted REG_MULTI_SZ hidservUxSmsWdiSystemHostNetmantrkwksAudioEndpointBuilderWUDFSvcirmonsysmainIPBusEnumdot3svcPcaSvcCscServicewlansvcUmRdpServiceEMDMgmtWPDBusEnumTabletInputService\

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\

LocalServiceNoNetwork REG_MULTI_SZ PLADPSBFEmpssvcehstart\

NetworkService REG_MULTI_SZ CryptSvcDHCPTermServiceKtmRmDNSCacheNapAgentnlasvcWinRMWECSVCTapisrv\

termsvcs REG_MULTI_SZ TermService\

WerSvcGroup REG_MULTI_SZ wersvc\

swprv REG_MULTI_SZ swprv\

LocalServiceNetworkRestricted REG_MULTI_SZ DHCPeventlogAudioSrvLmHostswscsvcp2pimsvcPNRPSvcp2psvcWPCSvcPnrpAutoReg\

rpcss REG_MULTI_SZ RpcSs\

regsvc REG_MULTI_SZ RemoteRegistry\

wcssvc REG_MULTI_SZ WcsPlugInService\

DcomLaunch REG_MULTI_SZ PlugPlayDcomLaunch\

wdisvc REG_MULTI_SZ WdiServiceHost\

sdrsvc REG_MULTI_SZ sdrsvc\

imgsvc REG_MULTI_SZ StiSvc\

secsvcs REG_MULTI_SZ WinDefend\

 

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd2f80a7-ce73-11db-9d8b-806e6f6e6963}]

shell\AutoRun\command E:\autorun.exe

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd2f80a8-ce73-11db-9d8b-806e6f6e6963}]

shell\AutoRun\command F:\setup.exe

shell\setup\command F:\setup.exe

 

 

-- End of Deckard's System Scanner: finished at 2007-04-20 at 22:55:00 ---------

Posted

Hello,

Launch vundofix, then right-click in the white box, then left-click on add more files?

In the first line, copy and paste:

C:\Windows\system32\llturs.dll

Then click on:

add files, then on Close Window, and finally on Remove Vundo

If the tool asks you to restart, accept.

Then copy and paste the report C:\vundofix.txt

Posted

 

Hello,

It does not generate any txt report; however, it says that no folder is infected.

Posted
Hi again,

Please post a new HijackThis report.

See you later

Here is the report

 


Posted
Hi again,

Launch HijackThis and click on Do a system scan and save a logfile; at the end of the scan Notepad will open, and you copy and paste all of its contents.

Here you go.

However, it gives me several error messages before giving me this logfile. I think it is the same message as before; I am pasting it anyway.

 


Posted

Hello,

You did not post a new HijackThis report but the same one as before. Post a new one; to do so:

Launch HijackThis and click on "Do a system scan and save a logfile"; at the end of the scan Notepad will open, and you copy and paste all of its contents.
