Problème croix blanche rond rouge

[mac94]

bonjour

 

je me présente rapidement... patrick 31 ans je bosse dans un bureau en suisse

 

j'ai un soucis avec mon pc au job.....

 

j'ai une croix blanche dans un rond rouge qui apparait en bas à droite

 

voici le rapport

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:35:53, on 08.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Acer\Empowering Technology\awServ.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\awtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\C-CHANNEL\GiromatSeriell\GiromatSeriell.exe

C:\WINDOWS\system32\AlarmS4.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\patrick\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BDEX System - {D3464F94-A3FE-4675-8D96-49B008E12CD3} - C:\WINDOWS\dnqdlpmsom.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll

O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - C:\WINDOWS\epxonwo.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\Empowering Technology\awtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Giromat Seriell] C:\Program Files\C-CHANNEL\GiromatSeriell\GiromatSeriell.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AlarmS4.lnk = C:\WINDOWS\system32\AlarmS4.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE

O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003

O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002

O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000

O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://toolbar.imageshack.us

O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artscuisines.local

O17 - HKLM\Software\..\Telephony: DomainName = artscuisines.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C0E6774-4C03-4C0B-B9F9-E607042D9D53}: NameServer = 192.168.1.253,213.221.128.250

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = artscuisines.local

O17 - HKLM\System\CS1\Services\Tcpip\..\{3C0E6774-4C03-4C0B-B9F9-E607042D9D53}: NameServer = 192.168.1.253,213.221.128.250

O21 - SSODL: asvdnmo - {B5344323-80DF-4B61-A3F5-BFD805527BCC} - C:\WINDOWS\asvdnmo.dll

O21 - SSODL: bgntlvo - {8DE50A79-D406-42DA-AC83-D897D1E42313} - C:\WINDOWS\bgntlvo.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9751 bytes

[mac94]

j'ai fait spybot et adaware..... la croix ne semble plus revenir

 

voici le nouveau rapport

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:42:00, on 08.01.2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Acer\Empowering Technology\awServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe

C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\svchost.exe

C:\Acer\Empowering Technology\eRecovery\Monitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Acer\Empowering Technology\admtray.exe

C:\Acer\Empowering Technology\awtray.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\C-CHANNEL\GiromatSeriell\GiromatSeriell.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\AlarmS4.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Documents and Settings\patrick\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BDEX System - {D3464F94-A3FE-4675-8D96-49B008E12CD3} - C:\WINDOWS\dnqdlpmsom.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll

O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll

O3 - Toolbar: The epxonwo - {D94D49D7-31D6-42E1-A5FE-438C7BFD6498} - C:\WINDOWS\epxonwo.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"

O4 - HKLM\..\Run: [AdminWorks Tray] "C:\Acer\Empowering Technology\awtray.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Giromat Seriell] C:\Program Files\C-CHANNEL\GiromatSeriell\GiromatSeriell.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: AlarmS4.lnk = C:\WINDOWS\system32\AlarmS4.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE

O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003

O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002

O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000

O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artscuisines.local

O17 - HKLM\Software\..\Telephony: DomainName = artscuisines.local

O17 - HKLM\System\CCS\Services\Tcpip\..\{3C0E6774-4C03-4C0B-B9F9-E607042D9D53}: NameServer = 192.168.1.253,213.221.128.250

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = artscuisines.local

O17 - HKLM\System\CS1\Services\Tcpip\..\{3C0E6774-4C03-4C0B-B9F9-E607042D9D53}: NameServer = 192.168.1.253,213.221.128.250

O21 - SSODL: asvdnmo - {B5344323-80DF-4B61-A3F5-BFD805527BCC} - C:\WINDOWS\asvdnmo.dll

O21 - SSODL: bgntlvo - {8DE50A79-D406-42DA-AC83-D897D1E42313} - C:\WINDOWS\bgntlvo.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AdminWorks Agent X6 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Acer\Empowering Technology\awServ.exe

O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NkPtpEnumP2 - Nikon Corporation - C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe

O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 9154 bytes

[mac94]

Personne pour m'aider.....

 

 

j'ai tout nettoyé hier et aujourd'hui

 

j'ai des icones sur mon bureau

 

error cleaner

 

et toujours cette fenêtre qui revient sans arrêt qui me dit que j'ai un virus et qu'il faut que je télécharge

un anti spyware

[Thanos]

salut

 

1) Désactive le teatimer de Spybot en passant par les options de Spybot: une fois dans le logiciel, il faut aller dans le menu "Mode" => coche "Mode avancé" => "Outils"(en bas de page)=> "Résident" => et tu décoches cette case: "Résident Teatimer" . Tu ne doit plus voir l'icône du Teatimer dans la barre de tâches!

Ne fais pas l'impasse sur cette étape, car ca peut faire échouer la procédure de désinfection !

 

2) Télécharge combofix.exe de sUBs

• Assure toi que tous les programmes sont fermés avant de lancer le fix!
  
• Fait un double clique sur combofix.exe.
  
• Note: Ne ferme pas la fenêtre qui vient de s'ouvrir , tu te retrouverais avec un bureau vide !
  
• Tape sur la touche 1 pour démarrer le scan.
  
• Lorsque le scan est terminé, un rapport sera généré : poste en le contenu dans ton prochain message.
  
• Si le rapport est trop long, poste le en deux fois.
  

@+

[mac94]

voilà le log

 

ComboFix 08-01-09.2 - patrick 2008-01-09 11:40:38.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.409 [GMT 1:00]

Running from: C:\Documents and Settings\patrick\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\patrick\Bureau\CFScript.txt

* Created a new restore point

 

FILE

C:\WINDOWS\fqwmwdn.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\fqwmwdn.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-09 to 2008-01-09 ))))))))))))))))))))))))))))))))))))

.

 

2008-01-09 09:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-09 08:38 . 2008-01-09 08:40 <REP> d-------- C:\Program Files\Navilog1

2008-01-09 08:32 . 2008-01-09 08:32 118 --a------ C:\WINDOWS\system32\MRT.INI

2008-01-08 14:26 . 2008-01-08 14:26 <REP> d-------- C:\Documents and Settings\patrick\Application Data\Grisoft

2008-01-08 14:26 . 2008-01-08 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2008-01-08 14:26 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-01-08 08:45 . 2008-01-09 08:35 4,184 --a------ C:\WINDOWS\system32\tmp.reg

2008-01-08 08:18 . 2008-01-08 13:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-01-07 13:40 . 2008-01-07 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-01-07 13:39 . 2008-01-07 13:39 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-01-07 10:27 . 2008-01-07 10:27 <REP> d-------- C:\Program Files\GSpot221

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-08 08:46 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-01-08 08:46 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

2008-01-08 07:13 --------- d-----w C:\Program Files\Java

2008-01-07 12:40 --------- d-----w C:\Program Files\Lavasoft

2008-01-07 12:40 --------- d-----w C:\Documents and Settings\patrick\Application Data\Lavasoft

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll

2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll

2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll

2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll

2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll

2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll

2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll

2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll

2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll

2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll

2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll

2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll

2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll

2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll

2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll

2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll

2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll

2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll

2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2007-07-05 08:29 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT

1999-04-06 12:27 99,840 ----a-w C:\Program Files\Fichiers communs\IRAABOUT.DLL

1998-12-09 02:53 70,144 ----a-w C:\Program Files\Fichiers communs\IRAMDMTR.DLL

1998-12-09 02:53 48,640 ----a-w C:\Program Files\Fichiers communs\IRALPTTR.DLL

1998-12-09 02:53 31,744 ----a-w C:\Program Files\Fichiers communs\IRAWEBTR.DLL

1998-12-09 02:53 186,368 ----a-w C:\Program Files\Fichiers communs\IRAREG.DLL

1998-12-09 02:53 17,920 ----a-w C:\Program Files\Fichiers communs\IRASRIAL.DLL

.

 

((((((((((((((((((((((((((((( snapshot@2008-01-09_ 9.59.38.40 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-01-09 08:57:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

+ 2008-01-09 10:40:31 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT

- 2008-01-09 08:57:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

+ 2008-01-09 10:40:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat

- 2008-01-09 08:57:27 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

+ 2008-01-09 10:40:31 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT

- 2008-01-09 08:57:27 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

+ 2008-01-09 10:40:31 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat

- 2008-01-09 08:57:27 4,431,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

+ 2008-01-09 10:40:32 4,431,872 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT

- 2008-01-09 08:57:27 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

+ 2008-01-09 10:40:32 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 06:00 15360]

"Giromat Seriell"="C:\Program Files\C-CHANNEL\GiromatSeriell\GiromatSeriell.exe" [2005-06-22 15:33 200704]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-21 23:36 14854144 C:\WINDOWS\RTHDCPL.exe]

"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15 45056]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 06:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 06:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 06:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 06:00 455168]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-19 20:35 94208]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-19 20:32 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-19 20:36 114688]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 15:45 2462208]

"AdminWorks Tray"="C:\Acer\Empowering Technology\awtray.exe" [2005-10-24 15:59 1306112]

"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 14:50 69632]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:00 397312]

"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35 77824]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-03 16:42 155648]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-08-25 10:07 180269]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 06:00 15360]

 

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

AlarmS4.lnk - C:\WINDOWS\system32\AlarmS4.exe [2003-08-19 16:15:36]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-03-02 13:40:38]

Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE [1999-04-06 13:27:42]

 

R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 17:21]

R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 13:46]

R2 NkPtpEnumP2;NkPtpEnumP2;"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a []

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 15:58]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-03-31 11:32]

R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 14:33]

R3 PortRW;PortRW;C:\WINDOWS\system32\Drivers\PortRW.sys [2003-08-15 14:57]

R3 VBus;Virtual Bus;C:\WINDOWS\system32\DRIVERS\NkVBus.sys [2005-06-17 11:11]

 

*Newly Created Service* - INT15.SYS

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-09 11:42:40

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\NavLogon.dll

.

Completion time: 2008-01-09 11:43:12

ComboFix-quarantined-files.txt 2008-01-09 10:43:10

ComboFix2.txt 2008-01-09 09:29:42

ComboFix3.txt 2008-01-09 08:59:58

.

2008-01-09 07:32:21 --- E O F ---

[Thanos]

salut,

 

Le rapport ComboFix montre que l'outil a été lancé plus d'une fois...et qu'un script a déjà été prescrit!

Une petite recherche et hop! > http://forum.telecharger.01net.com/telecha...messages-1.html

étant donné que ca ne semble pas avancer assez vite pour toi, et surtout par respect pour le travail de l'ami IL-MAFIOSO, le topic suivant sera clos.

Continue sur le sujet que tu as ouvert et suis bien les recommendations d'IL-MAFIOSO.

Evite à l'avenir de poster sur deux forums en même temps: tu mobilises du monde, et les résultats sont faussés...

@++

Modifié le 9 janvier 2008 par charles ingals