[RESOLU] Help... symptome de Bravix, surf lent...avast en cause

[Zorgimus]

suite...

-----------\\ ToolBar S&D 1.2.2 XP/Vista

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3200+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : SAM ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 081001-0] 4.8.1229 (Activated)

Firewall : Sygate Personal Firewall 4.6 (Not Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total : 149 Go Free : 55 Go

D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go

E:\ (CD or DVD)

F:\ (CD or DVD) - CDFS - Total : 2 Go Free : 0 Go

G:\ (CD or DVD)

H:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )

Option : [1] ( 12/10/2008|17:51 )

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

C:\WINDOWS\iun6002.exe

 

-----------\\ Extensions

 

(SAM) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer

(SAM) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.neufportail.fr/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.google.com/ie"

"Start Page"="http://www.msn.de/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]

Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]

 

 

Trojan ! .. C:\WINDOWS\system32\drivers\tdssserv.sys

Trojan ! .. C:\WINDOWS\system32\tdssservers.dat

Trojan ! .. C:\WINDOWS\system32\tdssserf.dll

Trojan ! .. C:\WINDOWS\system32\tdssmain.dll

Trojan ! .. C:\WINDOWS\system32\tdssinit.dll

Trojan ! .. C:\WINDOWS\system32\tdssadw.dll

Trojan ! .. C:\WINDOWS\system32\tdsslog.dll

Trojan ! .. C:\WINDOWS\system32\tdssl.dll

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SAM\Bureau\Raccourcis Bureau non utilis‚s\MyTheatre[1].v3.25.1.Keygen.ZIP

C:\DOCUME~1\SAM\Mes documents\Incoming\programmes_jeux\eJay dj Mix Station 2 - full multilingual version + Crack - by pollopocket.ace

C:\DOCUME~1\SAM\Mes documents\Incoming\programmes_jeux\WinISO 5 3 + crack.exe

C:\DOCUME~1\SAM\Mes documents\pes5\Crack

C:\DOCUME~1\SAM\Mes documents\pes5\Crack\PES5.exe

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 12/10/2008|17:53 - Option : [1]

 

-----------\\ Fin du rapport a 17:53:53,89

[Apollo]

Re,

 

Merci pour le dossier.

 

Il y a encore du boulot!

 

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".

 

--> Sous VISTA: clic droit Exécuter en temps qu'administrateur.

Ne ferme pas la fenêtre lors de la suppression !

Un rapport sera généré, poste son contenu dans ta réponse.

 

NB: Si ton Bureau ne réapparaissait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.

Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."

Tape explorer puis valide.

 

Avec ça, poste un nouveau log Hijackthis stp.

 

@++

[Zorgimus]

Keep the fight:

 

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : AMD Athlon 64 Processor 3200+ )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : SAM ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1229 [VPS 081001-0] 4.8.1229 (Activated)

Firewall : Sygate Personal Firewall 4.6 (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total : 149 Go Free : 55 Go

D:\ (CD or DVD) - CDFS - Total : 0 Go Free : 0 Go

E:\ (CD or DVD)

F:\ (CD or DVD) - CDFS - Total : 2 Go Free : 0 Go

G:\ (CD or DVD)

H:\ (CD or DVD)

 

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )

Option : [2] ( 12/10/2008|18:04 )

 

-----------\\ SUPPRESSION

 

Supprime! - C:\WINDOWS\iun6002.exe

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ Extensions

 

(SAM) - {71328583-3CA7-4809-B4BA-570A85818FBB} => cacheviewer

(SAM) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.neufportail.fr/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.google.com/ie"

"Start Page"="http://www.msn.com/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

 

--------------------\\ Recherche d'autres infections

 

--------------------\\ ROOTKIT !!

 

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]

Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV]

Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv]

Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV]

Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv]

 

 

Trojan ! .. C:\WINDOWS\system32\drivers\tdssserv.sys

Trojan ! .. C:\WINDOWS\system32\tdssservers.dat

Trojan ! .. C:\WINDOWS\system32\tdssserf.dll

Trojan ! .. C:\WINDOWS\system32\tdssmain.dll

Trojan ! .. C:\WINDOWS\system32\tdssinit.dll

Trojan ! .. C:\WINDOWS\system32\tdssadw.dll

Trojan ! .. C:\WINDOWS\system32\tdsslog.dll

Trojan ! .. C:\WINDOWS\system32\tdssl.dll

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\SAM\Bureau\Raccourcis Bureau non utilis‚s\MyTheatre[1].v3.25.1.Keygen.ZIP

C:\DOCUME~1\SAM\Mes documents\Incoming\programmes_jeux\eJay dj Mix Station 2 - full multilingual version + Crack - by pollopocket.ace

C:\DOCUME~1\SAM\Mes documents\Incoming\programmes_jeux\WinISO 5 3 + crack.exe

C:\DOCUME~1\SAM\Mes documents\pes5\Crack

C:\DOCUME~1\SAM\Mes documents\pes5\Crack\PES5.exe

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 12/10/2008|17:53 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 12/10/2008|18:06 - Option : [2]

 

-----------\\ Fin du rapport a 18:06:29,62

 

 

Scan saved at 18:09:05, on 12/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\PowerArchiver\PASTARTER.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe

C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe

C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Pro Evolution Soccer 5 crack.exe

O4 - HKLM\..\Run: [system service65] C:\WINDOWS\etb\pokapoka65.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LanceurEasyBox] "C:\Program Files\Easybox\EasyBox.exe" -AutoStart

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EasyBoxApache - Unknown owner - C:\Program Files\Easybox\Apache\Apache.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SAM\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

 

--

End of file - 11983 bytes

[Apollo]

Re,

 

Vérifie si tu as de nouveau accès au mode sans échec pour utiliser SDFix.

 

Lance Hijackthis "do a system scan only" et coche ces lignes:

 

O4 - HKLM\..\Run: [i downloaded pirated Software from P2P and now I post my Hijack log whining] C:\WINDOWS\system32\Pro Evolution Soccer 5 crack.exe

O4 - HKLM\..\Run: [system service65] C:\WINDOWS\etb\pokapoka65.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

 

Ferme applications ouvertes et navigateur puis clique sur Fix Checked.

 

Change d'antivirus, c'est préférable:

 

 

Si tu es d'accord pour changer d'antivirus, voici Antivir; il est en anglais mais le tuto est très bien expliqué pour faire la configuration du logiciel.

http://www.libellules.ch/tuto_antivir.php

 

http://www.vista-xp.fr/forum/topic227.html

 

Procédure:

 

Télécharger l'exécutable d'Antivir. http://www.free-av.de/en/download/1/avira_..._antivirus.html

 

Déconnecter physiquement le pc du net, c'est à dire en retirant le câble de la tour.

 

Désinstaller Avast par Ajouter/Supprimer des programmes.

 

Installer Antivir et le configurer comme expliqué dans le tutoriel. (Ne pas oublier de cocher la case de recherche de Rootkits -> très important).

Fais un clic droit sur l'icône d'Antivir dans la barre des tâches et choisis Configure Antivir

Dans la fenêtre, coche la case Expert Mode

Juste en dessous, clique sur le menu Scanner

Sur le panneau de droite, coche la case Search for Rootkits before scan

 

 

 

Rebrancher le pc au net; effectuer la mise à jour des bases antivirales d'Antivir.

 

Lancer une analyse complète de l'ordinateur.

 

Poster le rapport ici svp.

 

 

@++

[Zorgimus]

Suite...

 

Avira AntiVir Personal

Report file date: dimanche 12 octobre 2008 18:58

 

Scanning for 1369550 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: 11AB

 

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15

ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53

ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47

Engineversion : 8.1.1.19

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47

AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49

AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48

AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35

AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21

AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47

AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48

AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47

AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21

AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21

AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: dimanche 12 octobre 2008 18:58

 

Starting search for hidden objects.

c:\windows\system32\tdssadw.dll

[iNFO] The file is not visible.

[NOTE] A backup was created as '49652dec.qua' ( QUARANTINE )

c:\windows\system32\tdsserrors.log

[iNFO] The file is not visible.

[NOTE] A backup was created as '4aa3dc9d.qua' ( QUARANTINE )

c:\windows\system32\tdssinit.dll

[iNFO] The file is not visible.

[NOTE] A backup was created as '4aac34c5.qua' ( QUARANTINE )

c:\windows\system32\tdssl.dll

[iNFO] The file is not visible.

[NOTE] A backup was created as '4aae6d0d.qua' ( QUARANTINE )

c:\windows\system32\tdsslog.dll

[iNFO] The file is not visible.

[NOTE] A backup was created as '4aa84575.qua' ( QUARANTINE )

c:\windows\system32\tdssmain.dll

[iNFO] The file is not visible.

[NOTE] A backup was created as '4aaabdbd.qua' ( QUARANTINE )

c:\windows\system32\tdssserf.dll

[iNFO] The file is not visible.

[NOTE] A backup was created as '4ab495e5.qua' ( QUARANTINE )

c:\windows\system32\tdssserf1.dll

[iNFO] The file is not visible.

[NOTE] A backup was created as '4ab6f22d.qua' ( QUARANTINE )

c:\windows\system32\tdssservers.dat

[iNFO] The file is not visible.

[NOTE] A backup was created as '406ff685.qua' ( QUARANTINE )

c:\windows\system32\drivers\tdssserv.sys

[iNFO] The file is not visible.

[NOTE] A backup was created as '40682ecd.qua' ( QUARANTINE )

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\tdssserv.sys

[iNFO] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\tdssserv.sys

[iNFO] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Minimal\tdssserv.sys

[iNFO] The registry entry is invisible.

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Safeboot\Network\tdssserv.sys

[iNFO] The registry entry is invisible.

'71083' objects were checked, '14' hidden objects were found.

 

The scan of running processes will be started

Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'epmworker.exe' - '1' Module(s) have been scanned

Scan process 'Generic.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'SyncManager.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'CONNECTAutoUpdate.exe' - '1' Module(s) have been scanned

Scan process 'wscntfy.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'GMRMan.exe' - '1' Module(s) have been scanned

Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned

Scan process 'PCLEScheduler.exe' - '1' Module(s) have been scanned

Scan process 'Voxsync.exe' - '1' Module(s) have been scanned

Scan process 'WinCinemaMgr.exe' - '1' Module(s) have been scanned

Scan process 'CONNECTAUTrayApp.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'PASTARTER.EXE' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned

Scan process 'CONNECTScheduler.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'DEVDET~1.EXE' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'daemon.exe' - '1' Module(s) have been scanned

Scan process 'mmtask.exe' - '1' Module(s) have been scanned

Scan process 'LVComS.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'fts.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'Smc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

55 processes with 55 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '71' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\atapi.sys

[WARNING] The file could not be opened!

 

 

End of the scan: dimanche 12 octobre 2008 19:52

Used time: 54:01 Minute(s)

 

The scan has been done completely.

 

8395 Scanning directories

353362 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

10 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

353360 Files not concerned

3797 Archives were scanned

2 Warnings

10 Notes

71083 Objects were scanned with rootkit scan

14 Hidden objects were found

 

Après ça j'ai relancé une fois Hijackthis et supprimé les 4 lignes présentes encore pour obtenir cela:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:16:18, on 12/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\D-Tools\daemon.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\PowerArchiver\PASTARTER.EXE

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe

C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe

C:\Program Files\Fichiers communs\Sony Shared\GMR\GMRMan.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe

C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;club-internet.fr;*.club-internet.fr;grolier.fr;*.grolier.fr;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\Friendly Technologies\BroadbandAccess\fts.exe"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [AtiPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE

O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LanceurEasyBox] "C:\Program Files\Easybox\EasyBox.exe" -AutoStart

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SAM\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Pinnacle Scheduler.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: EasyBoxApache - Unknown owner - C:\Program Files\Easybox\Apache\Apache.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\SAM\LOCALS~1\Temp\hpdj.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

 

--

End of file - 11165 bytes

[Apollo]

Ok,

 

On va faire une dernière vérif avec un scan en ligne.

 

S'il reste des troyens, on emploiera une artillerie un peu plus lourde. Tu as beaucoup de fichiers, et cela ne serait pas très rapide comme analyse mais bon, s'il le fallait...

 

TUTO: http://www.vista-xp.fr/forum/topic109.html

 

• Fais un scan en ligne Kaspersky
  
• Clique sur Accept
  
• Patiente le temps d'installation du Webscanner.
  
• Les bases de mises à jour vont s'installer, patiente un moment
  
• Clique sur Next.
  
• Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
  

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

@+

[Apollo]

Question: Quand tu as analysé avec MBAM, es-tu bien sûr que toutes les cases étaient cochées avant de fixer les infections découvertes?

 

Je trouve plus qu'étrange que MBAM n'ait pas détecté et supprimé ces Rootkits et trojans.

 

Ce n'est pas dans ses habitudes de louper ces bestioles.

 

@+

[Zorgimus]

Bad news impossible de me rendre sur le site (introuvable) quel que soit le chemin...

[Apollo]

J'y arrive donc ce n'est pas le site.

Ok.

 

 

 

Télécharge Dr.Web CureIt sur ton Bureau:

ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

• ou

http://www.freedrweb.com/cureit/
Double clique drweb-cureit.exe et ensuite clique sur Analyse;
Clique Ok à l'invite de l'analyse rapide. Ce scan permet l'analyse des processus chargés en mémoire; s'il trouve des processus infectés, clique le bouton Oui pour tout à l'invite.
**Note : une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction"; vous pouvez quitter en cliquant le "X"
Lorsque le scan rapide est terminé, Clique sur le menu Options >> Changer la configuration;
Choisis l'onglet "Scanner", et décoche "Analyse heuristique". Clique "Ok"
De retour à la fenêtre principale : clique pour activer "Analyse complète";
Clique le bouton avec flèche verte sur la droite, et le scan débutera.
Clique Oui pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter".
Lorsque le scan sera complété, regarde si tu peux cliquer sur cette icône, adjacente aux fichiers détectés :
Si oui, alors clique dessus et ensuite clique sur l'icône "Suivant", au dessous, et choisis Déplacer en quarantaine l'objet indésirable
Du menu principal de l'outil, au haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapport
Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv
Ferme Dr.Web Cureit
Redémarre ton ordi (*très important*), car certains fichiers peuvent être déplacés/réparés au redémarrage.
Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de l'outil Dr.Web dans ta prochaine réponse.

[Zorgimus]

j'ai refais malaware rapide: 6 trojans:

Malwarebytes' Anti-Malware 1.28

Version de la base de données: 1260

Windows 5.1.2600 Service Pack 2

 

12/10/2008 23:56:25

mbam-log-2008-10-12 (23-56-25).txt

 

Type de recherche: Examen rapide

Eléments examinés: 53648

Temps écoulé: 4 minute(s), 45 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\ (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Quarantined and deleted successfully.

 

 

impossible de télécharger tes liens comme por kapersky...