analyse rapport hyjackthis

[frenchy371]

Bonjour

 

J'ai été infecté par un virus qui ouvre des fenêtres lorsque j'essai de me connecter sur une page internet.

Ces fenêtres me propose d'installer des anti virus ou des anti spywares en disant que mon pc est infecté.

Est ce que quelqu'un peut analyser mon rapport hyjackthis s'il vous plait

 

Merci

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:38:33, on 18/02/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EasyPHP\Apache\apache.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\DWRCS.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$LAMSQL\Binn\sqlservr.exe

C:\PROGRA~1\EasyPHP\Apache\apache.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\EasyPHP\mysql\bin\mysqld-nt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Timbuktu Pro\tb2launch.exe

C:\Program Files\Timbuktu Pro\tb2pro.exe

C:\WINDOWS\NetopiaRC\Tb2RCAssist.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\Program Files\Timbuktu Pro\TNOTIFY.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\apps\ABoard\ABoard.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\rmctrl.exe

C:\WINDOWS\System32\taskswitch.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft SQL Server\80\Tools\binn\sqlmangr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Omnis Software Inc\OS31\OS31\omnis.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\System32\HPZipm12.exe

C:\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [LoginPath] C:\Program Files\Timbuktu Pro\login.exe

O4 - HKLM\..\Run: [Tb2initPath] C:\Program Files\Timbuktu Pro\tb2init.exe

O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"

O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [reg_nuvision_ax] C:\WINDOWS\System32\Regsvr32 /s NUVision.ax

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [8077f38d] rundll32.exe "C:\WINDOWS\System32\wfulpdcu.dll",b

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\binn\sqlmangr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab

O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\Arnaud\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab

O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} (Sony Network Camera Viewer Control) - http://193.251.20.163/program/SonyNetworkCameraViewer.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://wanadoofr.oberon-media.com/online2/...mjolauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - file://C:\Documents and Settings\Arnaud\Local Settings\Application Data\Oberon Media\Oberon Games Host\ddfotg.1.0.0.37.cab

O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} - http://jeuxenligne.orange.fr/orange2.0/Onl...rium/Popcap.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://wanadoofr.oberon-media.com/online2/...sh.1.0.0.58.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameShell/onl...aploader_v6.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.photoreflex.com/tools/xupload/XUpload.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB88EF-AA5B-4A6E-AA9A-06C6D1A110CF}: NameServer = 213.36.80.1

O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EasyPHP\Apache\apache.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\system32\DWRCS.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MySql - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Timbuktu Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe

O23 - Service: Timbuktu Remote Control Assistant (Tb2RCAssist) - Netopia, Inc. - C:\WINDOWS\NetopiaRC\Tb2RCAssist.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

--

End of file - 11753 bytes

[regis56]

bonjour,

 

Je vous conseil de suivre cette procédure de nettoyage :

 

http://forum.zebulon.fr/index.php?showtopic=83986

 

Cependant je vous conseil aussi de garder Antivir et de supprimer Avast

 

Repostez un rapport hijackthis ensuite

 

Cordialement

[frenchy371]

Bonjour

 

J'ai lu votre procédure de nettoyage mais je n'ai pas désinstallé avast car j'en suis satisfait

Pourriez vous regarder mon rapport svp sans changement d'anti virus ?

 

Merci

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:57:15, on 18/02/2008

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\EasyPHP\Apache\apache.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\DWRCS.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL$LAMSQL\Binn\sqlservr.exe

C:\PROGRA~1\EasyPHP\Apache\apache.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\EasyPHP\mysql\bin\mysqld-nt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Timbuktu Pro\tb2launch.exe

C:\Program Files\Timbuktu Pro\tb2pro.exe

C:\WINDOWS\NetopiaRC\Tb2RCAssist.exe

C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

C:\Program Files\Timbuktu Pro\TNOTIFY.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\apps\ABoard\ABoard.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\rmctrl.exe

C:\WINDOWS\System32\taskswitch.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft SQL Server\80\Tools\binn\sqlmangr.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\msdtc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HiJackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [LoginPath] C:\Program Files\Timbuktu Pro\login.exe

O4 - HKLM\..\Run: [Tb2initPath] C:\Program Files\Timbuktu Pro\tb2init.exe

O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"

O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [reg_nuvision_ax] C:\WINDOWS\System32\Regsvr32 /s NUVision.ax

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [8077f38d] rundll32.exe "C:\WINDOWS\System32\wfulpdcu.dll",b

O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe

O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\MAIN\ATISched.EXE

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\binn\sqlmangr.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A7693661473} (GameCtl Class) - http://jeuxenligne.orange.fr/GisActiveX/Ax/GameAx.cab

O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1D56FDAC} (CPlayFirstDinerDash2_frControl Object) - file://C:\Documents and Settings\Arnaud\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O16 - DPF: {5DDCC37F-7C6B-48B8-9664-97C537920CA0} (aecviz Class) - http://www.maisonfamiliale.com/AECVIZ/npaecviz.cab

O16 - DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} (Sony Network Camera Viewer Control) - http://193.251.20.163/program/SonyNetworkCameraViewer.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://wanadoofr.oberon-media.com/online2/...mjolauncher.cab

O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - file://C:\Documents and Settings\Arnaud\Local Settings\Application Data\Oberon Media\Oberon Games Host\ddfotg.1.0.0.37.cab

O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE0D2C9D1} - http://jeuxenligne.orange.fr/orange2.0/Onl...rium/Popcap.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://wanadoofr.oberon-media.com/online2/...sh.1.0.0.58.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/GameShell/onl...aploader_v6.cab

O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.photoreflex.com/tools/xupload/XUpload.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{A8CB88EF-AA5B-4A6E-AA9A-06C6D1A110CF}: NameServer = 213.36.80.1

O23 - Service: Apache - Unknown owner - C:\PROGRA~1\EasyPHP\Apache\apache.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\system32\DWRCS.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: MySql - Unknown owner - C:\Program.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Timbuktu Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe

O23 - Service: Timbuktu Remote Control Assistant (Tb2RCAssist) - Netopia, Inc. - C:\WINDOWS\NetopiaRC\Tb2RCAssist.exe

O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

 

--

End of file - 11757 bytes

[regis56]

Re

 

Si je vous donne le conseil de changer d'antivirus ce n'est pas pour rien et cela ce fait très rapidement

 

Votre rapport je l'ai déjà regardé :

 

Antivirus Avast => rapport montrant des signes d'infections

 

CQFD

 

Ceci dit

 

C:\WINDOWS\System32\wfulpdcu.dll

 

Faite soumettre le fichier en gras ici =>

1- http://virusscan.jotti.org/

2- http://www.virustotal.com/flash/index_en.html

 

Lorsque vous cliquez sur ces deux adresses, vous avez une case nommée "Parcourir", vous cliquez dessus et une fenêtre s'ouvre=> parcourez votre disque dur

Recherchez le fichier en cause

Cliquez une fois sur le fichier (il prend une couleur bleue!) puis cliquez sur "ouvrir" en bas de la fenêtre puis sur "submit"(soumettre)

Pour le virusscan de jotti et "send" pour virustotal.

Le scan de ce fichier va débuter.

Vous n'avez plus qu'à sélectionner puis copier /coller l'analyse. Il est possible de reçevoir ce message =>

"Server is extremely busy at the moment. Please try again later."Auquel cas il faut retenter le coup plus tard!

communiquez les 2 rapports.

 

Cordialement

[frenchy371]

Merci de votre réponse

 

voici le rapport de http://www.virustotal.com/flash/index_en.html

 

 

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.2.18.0 2008.02.18 -

AntiVir 7.6.0.67 2008.02.18 TR/Vundo.Gen

Authentium 4.93.8 2008.02.17 -

Avast 4.7.1098.0 2008.02.18 -

AVG 7.5.0.516 2008.02.18 Lop

BitDefender 7.2 2008.02.18 -

CAT-QuickHeal 9.50 2008.02.16 -

ClamAV 0.92.1 2008.02.18 -

DrWeb 4.44.0.09170 2008.02.18 -

eSafe 7.0.15.0 2008.02.17 -

eTrust-Vet 31.3.5546 2008.02.18 -

Ewido 4.0 2008.02.18 -

FileAdvisor 1 2008.02.18 -

Fortinet 3.14.0.0 2008.02.18 -

F-Prot 4.4.2.54 2008.02.17 W32/Virtumonde.G.gen!Eldorado

F-Secure 6.70.13260.0 2008.02.18 -

Ikarus T3.1.1.20 2008.02.18 -

Kaspersky 7.0.0.125 2008.02.18 -

McAfee 5231 2008.02.15 -

Microsoft 1.3204 2008.02.18 Trojan:Win32/Vundo.gen!A

NOD32v2 2882 2008.02.18 -

Norman 5.80.02 2008.02.15 -

Panda 9.0.0.4 2008.02.17 -

Prevx1 V2 2008.02.18 Trojan.Vundo

Rising 20.32.02.00 2008.02.18 -

Sophos 4.26.0 2008.02.18 -

Sunbelt 3.0.884.0 2008.02.18 -

Symantec 10 2008.02.18 -

TheHacker 6.2.9.222 2008.02.16 -

VBA32 3.12.6.1 2008.02.17 -

VirusBuster 4.3.26:9 2008.02.17 -

Webwasher-Gateway 6.6.2 2008.02.18 Trojan.Vundo.Gen

Information additionnelle

File size: 87616 bytes

MD5: 59c3980d39c694eff19663e015a1b943

SHA1: 3cdd298a110ea0ebb83bd5e983aca984053e2e2a

PEiD: -

Prevx info: http://info.prevx.com/aboutprogramtext.asp...8DB0100F39878A0

 

 

et voici celui de http://virusscan.jotti.org/

 

Scan taken on 18 Feb 2008 13:47:23 (GMT)

A-Squared Found nothing

AntiVir Found TR/Vundo.Gen

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found Lop

BitDefender Found nothing

ClamAV Found nothing

CPsecure Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

F-Secure Anti-Virus Found nothing

Fortinet Found nothing

Ikarus Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

Panda Antivirus Found nothing

Rising Antivirus Found nothing

Sophos Antivirus Found nothing

VirusBuster Found nothing

VBA32 Found nothing

[regis56]

Re

 

AntiVir 7.6.0.67 2008.02.18 TR/Vundo.Gen

 

Contre

 

Avast 4.7.1098.0 2008.02.18 -

 

Qu'en déduisez vous ?

 

Cordialement

[frenchy371]

J'en déduis que AntiVir a détecté qq chose que Avast n'a pas détecté.

 

Mais est ce que antivir aurait bloqué ce virus avant qu'il s'installe?

 

Je vais donc songer à changer d'antivirus

 

En attendant, comment supprimer ce virus ?

 

Merci

[frenchy371]

Merci à angélique de me consacrer un peu de temps

 

as tu une idée ?

[regis56]

Re

 

Je vais donc songer à changer d'antivirus

 

En attendant, comment supprimer ce virus ?

 

Changez d'antivirus je vous l'ai déjà dis

 

Faite un scan avec antivir en mode sans echec et postez ensuite le rapport suivez ce tuto mais gardez antivir

http://forum.zebulon.fr/index.php?showtopic=83986

 

Cordialement

[frenchy371]

ok chef

 

je m'en occupes

 

A+