
Posted

Hi,

I have already done the preliminary cleanup recommended on the forum, combed through quite a few forum pages, and used several cleaning tools... but now I'm stuck. My computer is far from clean, so I need help removing these *§#@¤ programs, which are not very friendly and very persistent.

Thanks to anyone who looks into my case

Christophe

HijackThis report:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:35:10, on 07/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\CDBurnerXP\NMSAccess.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\USBStorage\USBDetector.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Sony Handheld\AlarmApp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Christophe\Mes documents\hijackthis_hijackthis_1.99.1_anglais_17891.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meteo.chamonix.com/MetPre.php3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)

O2 - BHO: (no name) - {9AF292DC-F26E-45F9-A7AC-8BD1F044B382} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - (no file)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)

O2 - BHO: (no name) - {E05D1876-8C46-489C-9420-208A186EE550} - (no file)

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Sony Handheld\AlarmApp.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Conversion CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://fr-express.foto.com/activeX/newUploadFotoCom.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A68DE3DE-A0E9-4F92-A157-D95DC6FC3F16}: NameServer = 192.168.1.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF5BF59-4C8C-4FAD-8E20-13F2C91989E3}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA41FE81-C60D-47B4-A4AC-3910D3D70258}: NameServer = 192.168.1.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqr - C:\WINDOWS\

O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)

O20 - Winlogon Notify: qommkli - qommkli.dll (file missing)

O20 - Winlogon Notify: vtututr - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /Service (file missing)

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /Service (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

 

 

 

I also can't manage to get rid of O23 KAV, which I have uninstalled.

The BHOs look suspicious to me?

Posted

Hello tofbloug and welcome to zebulon :P

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt telling you that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply

Note: VundoFix may come across a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "Click the Scan for Vundo button".

Posted

Thanks Bruce Lee for taking this on so quickly; I had already tried VundoFix. The little pests come back all the same. Well, I ran it again and here is what it gives:

 

 

VundoFix V6.4.2

 

Checking Java version...

 

Java version is 1.4.2.6

Old versions of java are exploitable and should be removed.

 

Scan started at 12:45:13 04/06/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\awtqr.dll

C:\WINDOWS\system32\cxabobyy.dll

C:\WINDOWS\system32\djwwhsxd.dll

C:\WINDOWS\system32\dxshwwjd.ini

C:\WINDOWS\system32\khfebya.dll

C:\WINDOWS\system32\khfgedc.dll

C:\WINDOWS\system32\krimecni.dll

C:\WINDOWS\system32\ljmvwpgo.ini

C:\WINDOWS\system32\ogpwvmjl.dll

C:\WINDOWS\system32\qqtss.bak1

C:\WINDOWS\system32\qqtss.ini

C:\WINDOWS\system32\rqtwa.bak1

C:\WINDOWS\system32\rqtwa.bak2

C:\WINDOWS\system32\rqtwa.ini

C:\WINDOWS\system32\shbjlvis.ini

C:\WINDOWS\system32\sivljbhs.dll

C:\WINDOWS\system32\sstqq.dll

C:\WINDOWS\system32\vjfoxgrq.dll

C:\WINDOWS\system32\vtututr.dll

C:\WINDOWS\system32\vtuvutt.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\awtqr.dll

C:\WINDOWS\system32\awtqr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\cxabobyy.dll

C:\WINDOWS\system32\cxabobyy.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\djwwhsxd.dll

C:\WINDOWS\system32\djwwhsxd.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\dxshwwjd.ini

C:\WINDOWS\system32\dxshwwjd.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\khfebya.dll

C:\WINDOWS\system32\khfebya.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\khfgedc.dll

C:\WINDOWS\system32\khfgedc.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\krimecni.dll

C:\WINDOWS\system32\krimecni.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ljmvwpgo.ini

C:\WINDOWS\system32\ljmvwpgo.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ogpwvmjl.dll

C:\WINDOWS\system32\ogpwvmjl.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qqtss.bak1

C:\WINDOWS\system32\qqtss.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\qqtss.ini

C:\WINDOWS\system32\qqtss.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtwa.bak1

C:\WINDOWS\system32\rqtwa.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtwa.bak2

C:\WINDOWS\system32\rqtwa.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\rqtwa.ini

C:\WINDOWS\system32\rqtwa.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\shbjlvis.ini

C:\WINDOWS\system32\shbjlvis.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sivljbhs.dll

C:\WINDOWS\system32\sivljbhs.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\sstqq.dll

C:\WINDOWS\system32\sstqq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vjfoxgrq.dll

C:\WINDOWS\system32\vjfoxgrq.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtututr.dll

C:\WINDOWS\system32\vtututr.dll Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\vtuvutt.dll

C:\WINDOWS\system32\vtuvutt.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.4.2

 

Checking Java version...

 

Java version is 1.4.2.6

Old versions of java are exploitable and should be removed.

 

Scan started at 09:28:00 06/06/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\djwwhsxd.dll

 

Beginning removal...

 

Performing Repairs to the registry.

Done!

 

VundoFix V6.4.2

 

Checking Java version...

 

Java version is 1.4.2.6

Old versions of java are exploitable and should be removed.

 

Scan started at 18:37:00 07/06/2007

 

Listing files found while scanning....

 

C:\WINDOWS\system32\cdeeg.bak1

C:\WINDOWS\system32\cdeeg.ini

C:\WINDOWS\system32\geedc.dll

 

Beginning removal...

 

Attempting to delete C:\WINDOWS\system32\cdeeg.bak1

C:\WINDOWS\system32\cdeeg.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\cdeeg.ini

C:\WINDOWS\system32\cdeeg.ini Has been deleted!

 

Performing Repairs to the registry.

Done!

 

 

_____________________________________________

 

And the HijackThis report!:

 

Logfile of HijackThis v1.99.1

Scan saved at 18:53:46, on 07/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\CDBurnerXP\NMSAccess.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\USBStorage\USBDetector.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Sony Handheld\AlarmApp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Christophe\Mes documents\hijackthis_hijackthis_1.99.1_anglais_17891.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meteo.chamonix.com/MetPre.php3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)

O2 - BHO: (no name) - {9AF292DC-F26E-45F9-A7AC-8BD1F044B382} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - (no file)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)

O2 - BHO: (no name) - {E05D1876-8C46-489C-9420-208A186EE550} - (no file)

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Sony Handheld\AlarmApp.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Conversion CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://fr-express.foto.com/activeX/newUploadFotoCom.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A68DE3DE-A0E9-4F92-A157-D95DC6FC3F16}: NameServer = 192.168.1.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF5BF59-4C8C-4FAD-8E20-13F2C91989E3}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA41FE81-C60D-47B4-A4AC-3910D3D70258}: NameServer = 192.168.1.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqr - C:\WINDOWS\

O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)

O20 - Winlogon Notify: qommkli - qommkli.dll (file missing)

O20 - Winlogon Notify: vtututr - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /Service (file missing)

O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /Service (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

 

 

 

awtqr, geedc, wintuh32 and co. are still there in the report. I would really like to catch the little *#$ that keeps putting them back every time.

Thanks for your help

Posted

re,

If, during the procedure below, there are steps you were unable to complete, please carry on with the procedure to the end and mention them in your next reply.

I recommend saving the complete web page in Internet Explorer like this:

* Click File/Save As. Under Type, choose: Web Archive, single file (*.mht). Save it to the desktop so that you keep the formatting, or print this reply. Part of the disinfection will take place in safe mode.

1/ Launch AVG AS, then click Update

Close the program.

2/ Boot into safe mode http://cybersecurite.xooit.com/t88-Demarre...s-echec.htm#665

3/ Do:

Start, Run, services.msc, locate AVP Control Centre Service

Double-click it: in the Service status field, set it to Stopped

in the Startup type field, set it to Disabled, then

Apply, then OK.

Do the same thing with:

KAV Monitor Service

Now we are going to delete the service:

Start/Run/cmd

Run this command, which is in the quote, without the word "quote":

sc delete AVPCC

Repeat the same procedure with KAVMonitorService, which gives:

sc delete KAVMonitorService

4/ Launch HijackThis, click Do a system scan only, and check these lines:

 

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)

O2 - BHO: (no name) - {9AF292DC-F26E-45F9-A7AC-8BD1F044B382} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - (no file)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)

O2 - BHO: (no name) - {E05D1876-8C46-489C-9420-208A186EE550} - (no file)

O20 - Winlogon Notify: awtqr - C:\WINDOWS\

O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)

O20 - Winlogon Notify: qommkli - qommkli.dll (file missing)

O20 - Winlogon Notify: vtututr - C:\WINDOWS\

O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)

 

Close all open windows except HijackThis and click Fix checked

5/ Relaunch AVG AS, then choose the Analysis tab

Then the Settings tab

Under the question How to react?, click Recommended actions and choose Quarantine

Click the Analysis tab again, then run a Complete system scan

If an infected file is detected at the end of the scan

Click Apply all actions

Click Save report, then Save report as

Save this text file to your desktop

6/ Restart in normal mode

7/ Post the AVG Anti-Spyware 7.5 report along with a new HijackThis log.

Good luck, and if you have any question at all, don't hesitate :P

@+
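An added example, not part of the original posts: one way to triage the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log before choosing what to fix, as in step 4 above. It flags entries whose target is reported as "(no file)" or "(file missing)" and entries whose name matches a file listed in a VundoFix report. Both rules and all function names are assumptions of this example, and the sample inputs are excerpts built from lines posted in this thread.

```python
import ntpath
import re

# Constructed excerpt: lines copied from the HijackThis log posted in this thread.
HJT_LOG = r"""
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9AF292DC-F26E-45F9-A7AC-8BD1F044B382} - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: awtqr - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: qommkli - qommkli.dll (file missing)
O20 - Winlogon Notify: vtututr - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
"""

# Constructed excerpt: two scans, shortened from the VundoFix reports in this thread.
VUNDOFIX_REPORT = r"""
Scan started at 12:45:13 04/06/2007
Listing files found while scanning....

C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\vtututr.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqr.dll

Scan started at 18:37:00 07/06/2007
Listing files found while scanning....

C:\WINDOWS\system32\geedc.dll

Beginning removal...
"""

ORPHAN_RE = re.compile(r"\s*\((no file|file missing)\)\s*$")
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<id>\S+) - (?P<target>.*)$")


def vundofix_stems(report):
    """Return lower-cased file names (without extension) from every
    'Listing files found' block of a VundoFix report."""
    stems, listing = set(), False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing = False
        elif listing and line:
            stems.add(ntpath.splitext(ntpath.basename(line))[0].lower())
    stems.discard("")
    return stems


def triage(hjt_log, vundofix_report):
    """Return (section, identifier, reasons) for each O2/O20 entry that is
    orphaned or that matches a file name listed by VundoFix."""
    known = vundofix_stems(vundofix_report)
    findings = []
    for raw in hjt_log.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line) or NOTIFY_RE.match(line)
        if not m:
            continue
        section = line.split(" - ", 1)[0]
        target = m.group("target")
        reasons = []
        if ORPHAN_RE.search(target):
            reasons.append("orphaned")
        # Compare the DLL name (and, for O20, the Notify key name) with
        # the names VundoFix listed; an O20 target can be cut to a folder.
        path = ORPHAN_RE.sub("", target)
        names = {ntpath.splitext(ntpath.basename(path))[0].lower()}
        if section == "O20":
            names.add(m.group("id").lower())
        names.discard("")
        if names & known:
            reasons.append("vundofix")
        if reasons:
            findings.append((section, m.group("id"), tuple(reasons)))
    return findings


if __name__ == "__main__":
    for section, ident, reasons in triage(HJT_LOG, VUNDOFIX_REPORT):
        print(f"{section:4} {ident:40} {', '.join(reasons)}")
```

On this sample, the SDHelper.dll BHO and the WgaLogon Notify entry are not flagged: neither is reported missing and neither name appears in the VundoFix listings.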

Posted

3/ AVP Control Centre Service

KAV Monitor Service

Phew, removed, that's something at least!

4/ Launch HijackThis, click Do a system scan only, and check these lines:

Done, I hope it will be good this time

5/ Relaunch AVG AS, then choose the Analysis tab

This is where the problems start: impossible to start it in safe mode. So I used Spybot (report below), then AVG AS after restarting in normal mode (report below as well)

6/ Restart in normal mode

7/ Post the AVG Anti-Spyware 7.5 report along with a new HijackThis log.

Good luck, and if you have any question at all, don't hesitate :P

@+

Reports:

Spybot

 

Smitfraud-C.Toolbar888: Réglages (Clé du registre, fixed)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\aldd

 

Smitfraud-C.Toolbar888: Réglages (Clé du registre, fixed)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

 

Common Dialogs: History (16 files) (Clé du registre, nothing done)

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

 

MS Office 9.0: Recently used files (85 files) (Répertoire, nothing done)

C:\Documents and Settings\Christophe\Application Data\Microsoft\Office\Récents\

 

Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done)

C:\WINDOWS\SchedLgU.Txt

 

Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done)

C:\WINDOWS\ntbtlog.txt

 

Log: Install: setupact.log (Sauver le fichier, nothing done)

C:\WINDOWS\setupact.log

 

Log: Install: setupapi.log (Sauver le fichier, nothing done)

C:\WINDOWS\setupapi.log

 

Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done)

C:\WINDOWS\System32\wbem\logs\wbemess.log

 

Log: Shutdown: System32\wbem\logs\wbemprox.log (Sauver le fichier, nothing done)

C:\WINDOWS\System32\wbem\logs\wbemprox.log

 

Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done)

C:\WINDOWS\System32\wbem\logs\wmiprov.log

 

Isobuster: Last save folder (Valeur du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Smart Projects\IsoBuster\LastSavedPath

 

MS Management Console: Recent command list (1 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Microsoft Management Console\Recent File List

 

MS Media Player: Recent open directory (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir!=

 

MS Media Player: Application data file (global) () (Fichier, nothing done)

C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

 

MS Media Player: Last selected node (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\MediaPlayer\MediaLibraryUI\MLLastSelectedNode!=

 

MS Media Player: Last CD record path (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\MediaPlayer\Preferences\CDRecordPath!=

 

MS Media Player: Anonymous ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\MediaPlayer\Preferences\SendUserGUID!=B=0

 

MS Direct3D: Most recent application (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!=

 

MS Direct3D: Most recent application (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

 

MS Direct3D: Most recent application (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

 

MS Direct3D: Most recent application (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name!=

 

MS DirectDraw: Most recent application (Modification du registre, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!=

 

MS DirectInput: Most recent application (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

 

MS DirectInput: Most recent application (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Name!=

 

MS DirectInput: Most recent application ID (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

 

MS DirectInput: Most recent application ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\DirectInput\MostRecentApplication\Id!=

 

MS Office 9.0 (Word): Recently used file list (Valeur du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Office\9.0\Word\Data\Settings

 

MS Office 9.0 (Excel): Recent files (4 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Office\9.0\Excel\Recent Files

 

MS Office 9.0 (PowerPoint): Recent file list (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Office\9.0\PowerPoint\Recent File List

 

MS Search Assistant: Typed search terms history (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Search Assistant\ACMru

 

Windows.OpenWith: Open with list - .BIN extension (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

 

Windows.OpenWith: Open with list - .BMF extension (1 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMF\OpenWithList

 

Windows.OpenWith: Open with list - .BMP extension (3 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

 

Windows.OpenWith: Open with list - .CAT extension (1 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CAT\OpenWithList

 

Windows.OpenWith: Open with list - .CDA extension (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

 

Windows.OpenWith: Open with list - .CDR extension (3 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDR\OpenWithList

 

Windows.OpenWith: Open with list - .CMX extension (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CMX\OpenWithList

 

Windows.OpenWith: Open with list - .CPL extension (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList

 

Windows.OpenWith: Open with list - .CPT extension (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPT\OpenWithList

 

Windows.OpenWith: Open with list - .CSS extension (4 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList

 

Windows.OpenWith: Open with list - .CSV extension (2 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

 

Windows Explorer: Recent wallpaper list (39 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

 

Windows Explorer: Run history (5 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

 

Windows Explorer: Stream history (197 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

 

Windows Explorer: User Assistant history IE (12 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

 

Windows Explorer: User Assistant history files (572 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

 

Windows Explorer: Last visited history (5 fichiers) (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

 

Windows Explorer: Recent file global history (Clé du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

 

Windows Media SDK: Computer name (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

 

Windows Media SDK: Computer name (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

 

Windows Media SDK: Computer name (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName

 

Windows Media SDK: Unique ID (Modification du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

 

Windows Media SDK: Unique ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

 

Windows Media SDK: Unique ID (Modification du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000}

 

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

 

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)

HKEY_USERS\S-1-5-21-2052111302-1993962763-854245398-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

 

Windows Media SDK: Volume serial number (Valeur du registre, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

 

Cookie: Cookie (3) (Cookie, nothing done)

 

 

 

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

 

2005-05-31 blindman.exe (1.0.0.1)

2005-05-31 SpybotSD.exe (1.4.0.3)

2005-05-31 TeaTimer.exe (1.4.0.2)

2007-06-01 unins000.exe (51.41.0.0)

2005-05-31 Update.exe (1.4.0.0)

2007-05-23 advcheck.dll (1.5.3.0)

2005-05-31 aports.dll (2.1.0.0)

2005-05-31 borlndmm.dll (7.0.4.453)

2005-05-31 delphimm.dll (7.0.4.453)

2005-05-31 SDHelper.dll (1.4.0.0)

2007-01-02 Tools.dll (2.0.1.0)

2005-05-31 UnzDll.dll (1.73.1.1)

2005-05-31 ZipDll.dll (1.73.2.0)

2007-05-30 Includes\Cookies.sbi (*)

2007-05-30 Includes\Dialer.sbi (*)

2007-05-30 Includes\DialerC.sbi (*)

2007-05-30 Includes\Hijackers.sbi (*)

2007-05-30 Includes\HijackersC.sbi (*)

2006-10-27 Includes\Keyloggers.sbi (*)

2007-05-30 Includes\KeyloggersC.sbi (*)

2004-05-12 Includes\LSP.sbi (*)

2007-05-30 Includes\Malware.sbi (*)

2007-05-30 Includes\MalwareC.sbi (*)

2007-03-21 Includes\PUPS.sbi (*)

2007-05-30 Includes\PUPSC.sbi (*)

2007-05-30 Includes\Revision.sbi (*)

2007-05-30 Includes\Security.sbi (*)

2007-05-30 Includes\SecurityC.sbi (*)

2007-05-30 Includes\Spybots.sbi (*)

2007-05-30 Includes\SpybotsC.sbi (*)

2005-02-17 Includes\Tracks.uti (*)

2007-05-16 Includes\Trojans.sbi (*)

2007-05-30 Includes\TrojansC.sbi (*)

 

AVG AS:

No problems to report

 

Hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 21:01:19, on 07/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\CDBurnerXP\NMSAccess.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\USBStorage\USBDetector.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Sony Handheld\AlarmApp.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Christophe\Mes documents\hijackthis_hijackthis_1.99.1_anglais_17891.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meteo.chamonix.com/MetPre.php3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)

O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - (no file)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)

O2 - BHO: (no name) - {E05D1876-8C46-489C-9420-208A186EE550} - (no file)

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Sony Handheld\AlarmApp.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Conversion CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://fr-express.foto.com/activeX/newUploadFotoCom.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A68DE3DE-A0E9-4F92-A157-D95DC6FC3F16}: NameServer = 192.168.1.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF5BF59-4C8C-4FAD-8E20-13F2C91989E3}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA41FE81-C60D-47B4-A4AC-3910D3D70258}: NameServer = 192.168.1.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: awtqr - C:\WINDOWS\

O20 - Winlogon Notify: vtututr - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: wintuh32 - C:\WINDOWS\

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

 

 

And s#### , er, darn, the BHOs you told me to remove with HijackThis are reappearing in the report! Tough little devils!

Thanks for your help, I really appreciate it

Tofbloug

Posted

Hello tofblog,

Launch Spybot, click "Advanced mode", then "Tools", then click "Resident", and finally uncheck the box in front of TeaTimer.

Close Spybot.

Launch HijackThis by clicking "do a scan system only" and check these lines:

 

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)

O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)

O2 - BHO: (no name) - {9AF292DC-F26E-45F9-A7AC-8BD1F044B382} - C:\WINDOWS\system32\geedc.dll (file missing)

O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - (no file)

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)

O2 - BHO: (no name) - {E05D1876-8C46-489C-9420-208A186EE550} - (no file)

O20 - Winlogon Notify: awtqr - C:\WINDOWS\

O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)

O20 - Winlogon Notify: qommkli - qommkli.dll (file missing)

O20 - Winlogon Notify: vtututr - C:\WINDOWS\

O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)

 

Close all open windows except HijackThis and click "fix checked".

Restart your PC, then post a new HijackThis report.

Posted

Hello Bruce Lee,

Phew, I can see things are moving forward thanks to your help. This really is the first time I've been this stuck. Here is the new log. The vtututr Winlogon entry looks suspicious to me, what do you think?

 

Logfile of HijackThis v1.99.1

Scan saved at 17:39:21, on 08/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\CDBurnerXP\NMSAccess.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\USBStorage\USBDetector.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Sony Handheld\AlarmApp.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Christophe\Mes documents\hijackthis_hijackthis_1.99.1_anglais_17891.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meteo.chamonix.com/MetPre.php3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Sony Handheld\AlarmApp.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Conversion CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://fr-express.foto.com/activeX/newUploadFotoCom.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A68DE3DE-A0E9-4F92-A157-D95DC6FC3F16}: NameServer = 192.168.1.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF5BF59-4C8C-4FAD-8E20-13F2C91989E3}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA41FE81-C60D-47B4-A4AC-3910D3D70258}: NameServer = 192.168.1.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: vtututr - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
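Added example, not part of the thread and not HijackThis code: a Python check that takes the O2/O20 lines the helper asked to fix and the follow-up log posted afterwards, and reports which of those entries are still present. Entries are matched on CLSID (O2) or Notify key name (O20) rather than on the whole line, since the display name and file column differ between scans of the same entry (the e-Carte Bleue BHO shows up as "(no name)" in the posted log); the log excerpts are copied from the posts above and the function names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    section: str  # HijackThis section code: "O2" or "O20"
    key: str      # stable identity: CLSID for O2, Notify key name for O20
    target: str   # file column exactly as HijackThis printed it


# O2 - BHO: <display name> - {CLSID} - <file>
O2_RE = re.compile(r"^O2 - BHO: .*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# O20 - Winlogon Notify: <key name> - <file>
O20_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.*)$")


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one O2 or O20 line; return None for any other log line."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        return Entry("O2", m.group(1).upper(), m.group(2))
    m = O20_RE.match(line)
    if m:
        # Registry key names are case-insensitive, so normalise the name.
        return Entry("O20", m.group(1).lower(), m.group(2))
    return None


def index_log(text: str) -> Dict[Tuple[str, str], Entry]:
    """Index every O2/O20 entry of a log by (section, key)."""
    entries: Dict[Tuple[str, str], Entry] = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            entries[(entry.section, entry.key)] = entry
    return entries


def persisting(fix_list: str, followup_log: str) -> List[Entry]:
    """Entries that were marked for fixing but are still in the follow-up log."""
    wanted = index_log(fix_list)
    seen = index_log(followup_log)
    return [seen[k] for k in wanted if k in seen]


def cleared(fix_list: str, followup_log: str) -> List[Entry]:
    """Entries that were marked for fixing and are gone from the follow-up log."""
    wanted = index_log(fix_list)
    seen = index_log(followup_log)
    return [wanted[k] for k in wanted if k not in seen]


# Lines the helper asked to check and fix (copied from the thread).
FIX_LIST = r"""
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - (no file)
O2 - BHO: (no name) - {54CBB12C-3481-4C5D-942D-4976C0F0A406} - (no file)
O2 - BHO: (no name) - {9AF292DC-F26E-45F9-A7AC-8BD1F044B382} - C:\WINDOWS\system32\geedc.dll (file missing)
O2 - BHO: (no name) - {BEDF30ED-41B2-4CDC-875A-ED063C81AF7B} - (no file)
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - (no file)
O2 - BHO: (no name) - {E05D1876-8C46-489C-9420-208A186EE550} - (no file)
O20 - Winlogon Notify: awtqr - C:\WINDOWS\
O20 - Winlogon Notify: geedc - C:\WINDOWS\system32\geedc.dll (file missing)
O20 - Winlogon Notify: qommkli - qommkli.dll (file missing)
O20 - Winlogon Notify: vtututr - C:\WINDOWS\
O20 - Winlogon Notify: wintuh32 - wintuh32.dll (file missing)
"""

# O2/O20 lines of the follow-up log saved on 08/06/2007 (copied from the thread).
FOLLOWUP_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: vtututr - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
"""

if __name__ == "__main__":
    for entry in persisting(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", entry.section, entry.key, entry.target)
    print("cleared:", len(cleared(FIX_LIST, FOLLOWUP_LOG)), "entries")
```

Entries in the follow-up log that were never on the fix list (SDHelper.dll, WgaLogon) are ignored, so the output lists only what the fix failed to remove.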

Posted

Hello tofbloug,

The vtututr Winlogon entry looks suspicious to me, what do you think?

It needs to be removed :P

Boot into safe mode http://cybersecurite.xooit.com/t88-Demarre...s-echec.htm#665

Launch HijackThis by clicking "do a scan system only" and check this line:

 

O20 - Winlogon Notify: vtututr - C:\WINDOWS\

 

Close all open windows except HijackThis and click "fix checked"

Restart your PC in normal mode, then post a new HijackThis report.

Posted

Hello Bruce Lee, and I hope your week is off to a good start,

Here is the latest report. It doesn't look bad to me; please confirm.

 

Tofbloug

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 07:18:27, on 11/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\CDBurnerXP\NMSAccess.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\USBStorage\USBDetector.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Sony Handheld\AlarmApp.exe

C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Christophe\Mes documents\hijackthis_hijackthis_1.99.1_anglais_17891.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meteo.chamonix.com/MetPre.php3

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [uSBDetector] C:\USBStorage\USBDetector.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Alarm Manager.LNK = C:\Program Files\Sony Handheld\AlarmApp.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: NETGEAR WG111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v2\WG111v2.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Conversion CLIÉ - C:\Program Files\Sony\Image Converter\menu.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.registration.sonystyle-europe.com (HKLM)

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://fr-express.foto.com/activeX/newUploadFotoCom.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A68DE3DE-A0E9-4F92-A157-D95DC6FC3F16}: NameServer = 192.168.1.10

O17 - HKLM\System\CCS\Services\Tcpip\..\{ACF5BF59-4C8C-4FAD-8E20-13F2C91989E3}: NameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA41FE81-C60D-47B4-A4AC-3910D3D70258}: NameServer = 192.168.1.10

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Christophe\Bureau\securité\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccess.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

  • Moderators
Posted

Good evening tofbloug :P

Bruce Lee has gone on holiday for a while, so we'll continue together if that's all right with you. I see that you've already made good progress with his help.

Run an online scan as described below and post the report generated at the end. Also, I noticed that you weren't able to restart in safe mode; when you post the online scan report, can you explain what difficulties you ran into when you tried that restart?

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on bouton-scann1.jpg
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer
  • Save the report generated at the end of the scan, then paste it here.

HELP: Configuring ActiveX controls

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
