Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Pc devenu lent, besoin d'aide

Dernière réponse le 17 fév 2007 à 23:51:09 lordyannuss, le 12 fév 2007 à 14:29:52

Signaler ce message aux modérateurs

Bonjour à tous, je suis sous xp pro et j'ai un problème: mon pc est devenu soudainement lent. J'ai eu auaparavant un problème de connexion sortante avec Generic host Process for Win32..., je ne sais pas s'il peut y avoir un lien.
Les symptomes: msn ne veut plus se connecter, mozilla tourne très lentement, tous les programmes mettent un temps fou à s'ouvrir et s'exécute moins rapidement. Je vous mets mon rapport Hijackthis, en espérant que vous puissiez m'aider:

Logfile of HijackThis v1.99.1
Scan saved at 14:27:45, on 12/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soi-katoey.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\yknspnjd.dll",setvm
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000351 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Voilà, et merci d'avance!

Configuration: Windows XP
Firefox 2.0.0.1

Meilleures réponses pour « pc devenu lent, besoin d'aide » dans :

Pc tres lent, que faire ? (Résolu) Voir

Pc ultra lent ralentissment no virus pourtant (Résolu) Voir

PC Super lent lors du démarrage et mm apres Voir

PC ou ordinateur lent / Windows très lent au démarrage VoirSi l'ordinateur met un temps très long à démarrer, le ralentissement peut provenir d'une des causes suivantes : L'ordinateur ne possède pas assez de mémoire vive : Ajouter de la mémoire Des programmes inutiles sont chargés en mémoire au...

PC très lent même après plusieurs formatage (Résolu) Voir

Pc hyper lent depuis quelques jours (Résolu) Voir

Mon pc est lent (Résolu) Voir

Re, les outils utilisés ici étaient spécifiques à tes Lire la suite

Posez votre question Répondre

did71, le 12 fév 2007 à 18:54:26

Bonjour lordyannuss,

Télécharge ComboFix (par sUBs) d'un de ces liens sur ton bureau:

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

Double clique combofix.exe et suis les invites

Poste le rapport

a+

Répondre à did71

lordyannuss, le 13 fév 2007 à 23:24:59

Merci pour cette réponse rapide!

Le problème c'est que je n'arrive pas à télécharger combofix.exe, que ce soit en ouvrant les liens ou en enregistrant la cible des liens. Mon navigateur c'est firefox. J'ai toujours les memes problèmes, pas d'amélioration...

Répondre à lordyannuss

did71, le 13 fév 2007 à 23:30:41

Re,

* Télécharge VundoFix.exe (par Atribune) sur ton Bureau:

http://www.atribune.org/public-beta/VundoFix.exe

* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

a+

Répondre à did71

lordyannuss, le 14 fév 2007 à 21:21:06

Re!
Voilà le rapport vundofix:
VundoFix V6.3.6

Checking Java version...

Java version is 1.4.2.5

Scan started at 21:03:17 14/02/2007

Listing files found while scanning....

C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\byxxvsr.dll
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fxvcwvae.exe
C:\WINDOWS\system32\ngucxelk.dll
C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\vtussrr.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Aurélie\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxxvsr.dll
C:\WINDOWS\system32\byxxvsr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhkmp.bak2
C:\WINDOWS\system32\fhkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fxvcwvae.exe
C:\WINDOWS\system32\fxvcwvae.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ngucxelk.dll
C:\WINDOWS\system32\ngucxelk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhf.dll
C:\WINDOWS\system32\pmkhf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtussrr.dll
C:\WINDOWS\system32\vtussrr.dll Has been deleted!

Performing Repairs to the registry.
Done!

...et le nouveau rapport hijackthis...

Logfile of HijackThis v1.99.1
Scan saved at 21:15:32, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soi-katoey.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C60A3C7-58BD-4E68-9C56-3F90C4472F6C} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ngucxelk.dll (file missing)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\vtussrr.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Merci encore pour ton aide!

Répondre à lordyannuss

did71, le 14 fév 2007 à 21:29:35

Bonsoir,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
Redémarre ton ordinateur
Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
Choisis ton compte.
Déroule la liste des instructions ci-dessous :
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

a+

Répondre à did71

lordyannuss, le 14 fév 2007 à 22:28:51

Re

voilà le rapport SDfix:

SDFix: Version 1.65

Run by: Aur‚lie - 14/02/2007 @ 22:13:32,78

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\Aur‚lie\Bureau\SDFix

Safe Mode:
Checking Services:

Name:

Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Killing PID 204 'smss.exe'
Killing PID 276 'winlogon.exe'

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\ctpmom.exe.exe - Deleted
C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\aax3D.tmp.exe - Deleted
C:\DOCUME~1\AURLIE~1\LOCALS~1\Temp\autorun.inf - Deleted
C:\WINDOWS\system32\ctpmon.exe - Deleted
C:\WINDOWS\system32\rpcc.dll - Deleted
C:\WINDOWS\system32\svchosts.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\dawn of war\\W40k.exe"="D:\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civilization3.exe:*:Enabled:Civilization3"
"C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe"="C:\\Program Files\\Activision\\Empires Dawn of the Modern World\\Empires_DMW.exe:*:Enabled:Empires_DMW"
"C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Conquests\\Civ3Conquests.exe:*:Enabled:Civ3Conquests"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WoW-Intro-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Enabled:BF1942"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe"="C:\\Program Files\\Trend Micro\\Internet Security 12\\pccmain.exe:*:Enabled:Trend Micro PC-cillin Internet Security 12"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\docs yann\\WOW_Coke-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe"="C:\\Program Files\\Infogrames\\Civilization III\\Civ3PTW\\Civilization3X.exe:*:Enabled:Civilization3Xd"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Jedi knight academy\\GameData\\jamp.exe:*:Enabled:Jedi Academy MultiPlayer"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\dawn of war\\W40k.exe:*:Enabled:W40K"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Documents and Settings\\Aurélie\\Mes documents\\My Games\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe"="C:\\Documents and Settings\\Aurélie\\Bureau\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Downloads\\tnet_fr\\TetriNET fr.exe"="C:\\Downloads\\tnet_fr\\TetriNET fr.exe:*:Enabled:TetriNET fr"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\lordyannuss\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\77exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\58exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\42exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\22exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\47exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\70exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\10exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\15exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\31exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\99exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe"="C:\\DOCUME~1\\AURLIE~1\\LOCALS~1\\Temp\\53exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\AURLIE~1\Bureau\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\systu2.dll
C:\Documents and Settings\Aur‚lie\Local Settings\Temp\~33.tmp
C:\Documents and Settings\Aur‚lie\Local Settings\Temp\R‚pertoire temporaire 3 pour neko98_4.zip\NEKO98.GID

Finished

et le nouvel hikackthis:

Logfile of HijackThis v1.99.1
Scan saved at 22:27:59, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soi-katoey.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C60A3C7-58BD-4E68-9C56-3F90C4472F6C} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ngucxelk.dll (file missing)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\vtussrr.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Répondre à lordyannuss

did71, le 14 fév 2007 à 22:31:41

Re,

maintenant, tu peux charger combofix?

a+

Répondre à did71

lordyannuss, le 14 fév 2007 à 22:40:39

Oui je te poste le rapport le plus vite possible, à noter que le pc marche beaucoup mieux!

Répondre à lordyannuss

lordyannuss, le 14 fév 2007 à 22:47:12

Voilà le rapport combofix:

"Aur‚lie" - 07-02-14 22:39:18 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Aur‚lie\Bureau"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Ipwindows\ipwins.dll
C:\WINDOWS\system32\unsvchosts.exe
C:\INSTALL.LOG
C:\secure32.html
C:\Program Files\Fichiers communs\{1CDFC~1
C:\Program Files\Fichiers communs\{1CDFC~2
C:\DOCUME~1\AURLIE~1\Application Data\SearchToolbarCorp
C:\Program Files\Ipwindows
C:\Program Files\VSAdd-in

((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))

2007-02-14 22:06 <REP> d-------- C:\SDFix
2007-02-14 21:03 <REP> d-------- C:\VundoFix Backups
2007-02-13 20:01 <REP> d-------- C:\WINDOWS\AU_Temp
2007-02-12 20:50 <REP> d-------- C:\Program Files\MSN Messenger
2007-02-12 16:11 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-02-12 16:11 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-02-12 16:11 229,957 --a------ C:\WINDOWS\tsc.exe
2007-02-12 16:11 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2007-02-12 16:11 <REP> d-------- C:\WINDOWS\report
2007-02-12 16:11 <REP> d-------- C:\WINDOWS\AU_Backup
2007-02-12 16:10 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-02-12 16:10 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-02-12 16:10 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-02-12 16:10 <REP> d-------- C:\WINDOWS\AU_Log
2007-02-12 16:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-02-11 23:56 <REP> d-------- C:\Program Files\a-squared Free
2007-02-11 23:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-02-11 18:28 <REP> d--h----- C:\Program Files\Fichiers communs\Uninstall Information
2007-02-11 12:25 621,182 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-02-11 12:23 4,096 -rah----- C:\WINDOWS\system32\systu2.dll
2007-02-11 12:22 49,152 --a------ C:\buqp.exe
2007-02-11 12:21 314,494 --a------ C:\Program Files\serial.dat
2007-02-11 00:50 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-10 13:37 1,596 --ah----- C:\hpothb07.dat
2007-02-02 17:47 111,429 --a------ C:\WINDOWS\dr.exe
2007-02-02 17:47 111,429 --a------ C:\my.exe
2007-02-02 17:47 111,429 --a------ C:\documents.exe
2007-02-02 01:01 3,977 --a------ C:\Program Files\user32.exe
2007-01-20 18:46 <REP> d-------- C:\Program Files\GALA-NET

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-14 22:38 -------- d-------- C:\Program Files\mozilla firefox
2007-02-14 11:27 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\the bat!
2007-02-13 21:38 -------- d-------- C:\Program Files\warcraft iii
2007-02-13 21:24 91718 --a------ C:\WINDOWS\war3unin.dat
2007-02-12 20:37 -------- d--h----- C:\Program Files\installshield installation information
2007-02-12 18:51 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\my games
2007-02-12 15:30 -------- d-------- C:\Program Files\divx
2007-02-12 00:12 1036288 --a------ C:\WINDOWS\explorer.exe
2007-02-11 23:26 -------- d---s---- C:\DOCUME~1\AURLIE~1\Application Data\microsoft
2007-02-11 16:14 -------- d-------- C:\Program Files\emule
2007-02-11 12:22 314494 --a------ C:\Program Files\serial.zip
2007-02-11 12:22 -------- d-------- C:\Program Files\winamp
2007-02-03 23:44 -------- d-------- C:\Program Files\webtarot
2007-02-02 17:47 111429 --a------ C:\Program Files\dr.exe~
2007-01-20 20:42 -------- d-------- C:\Program Files\pariah
2007-01-19 18:42 -------- d-------- C:\Program Files\videolan
2007-01-16 22:30 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\adobe
2007-01-11 18:53 -------- d-------- C:\Program Files\gdho
2007-01-05 21:12 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\vlc
2007-01-03 20:48 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\gtopala
2006-12-28 14:54 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-26 14:25 -------- d-------- C:\Program Files\teamspeak2_rc2
2006-12-26 14:25 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\teamspeak2
2006-12-23 19:28 -------- d-------- C:\Program Files\Fichiers communs\avsmedia
2006-12-23 19:27 -------- d-------- C:\DOCUME~1\AURLIE~1\Application Data\avsmedia
2006-12-23 19:26 -------- d-------- C:\Program Files\avsmedia
2006-12-20 19:19 -------- d-------- C:\Program Files\hacker
2006-12-15 19:03 -------- d-------- C:\Program Files\valve
2006-11-30 18:42 535 --a------ C:\WINDOWS\ereg.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""
"IncrediMail"="C:\\PROGRA~1\\INCRED~1\\bin\\IncMail.exe /c"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CloneCDTray"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"Device Detector"="DevDetect.exe -autorun"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Fichiers communs\\InstallShield\\UpdateService\\issch.exe\" -start"
"012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678"="C:\\Program Files\\user32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AudioDeck.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\AudioDeck.lnk"
"backup"="C:\\WINDOWS\\pss\\AudioDeck.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VIATEC~1\\VIAAUD~1\\AUDIOD~1\\AUDIOD~1.EXE -min"
"item"="AudioDeck"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pccguide"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Trend Micro\\Internet Security 12\\pccguide.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\WINDOWS\system32\systu2.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C0982322-2A6C-4022-92F1-C7CB9F86DCC8}"=""

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{896ca478-b962-11db-8e7e-0011096048dc}]
Shell\AutoRun\command E:\autorun.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1113397553.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1123059668.job
C:\WINDOWS\tasks\WebReg 20070119232807.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-14 22:42:34

et un hijackthis, si besoin:

Logfile of HijackThis v1.99.1
Scan saved at 22:45:51, on 14/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0C60A3C7-58BD-4E68-9C56-3F90C4472F6C} - C:\WINDOWS\system32\pmkhf.dll (file missing)
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ngucxelk.dll (file missing)
O2 - BHO: (no name) - {C0982322-2A6C-4022-92F1-C7CB9F86DCC8} - C:\WINDOWS\system32\vtussrr.dll (file missing)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678912345678] C:\Program Files\user32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\systu2.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Répondre à lordyannuss

did71, le 14 fév 2007 à 23:00:11

Re,

et bien c'est pas trop mal!

combo a viré encore beaucoup de saletés dont ipwins que j'attendais depuis le début!

maintenant, Télécharge clean.zip

http://www2.malekal.com/download/clean.zip

Décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier Clean qui se trouve sur ton bureau.
Double-clic sur clean.cmd.
Une fenêtre noire va apparaître, choisis l'option 1.

Poste le rapport qui se trouve ici C:\rapport_clean.txt

a+

Répondre à did71

lordyannuss, le 14 fév 2007 à 23:06:53

Voilà le rapport!

Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 14/02/2007 a 23:05:43,28

*** Recherche de fichiers sur C:
C:\documents.exe FOUND
C:\my.exe FOUND
C:\unwise.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\dr.exe FOUND
C:\WINDOWS\patcher.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND
C:\WINDOWS\system32\SpoonUninstall.exe FOUND

"C:\Program Files\serial.zip" FOUND
"C:\Program Files\serial.dat" FOUND
"C:\Program Files\serial.zip" FOUND
"C:\Program Files\user32.exe" FOUND
"C:\Program Files\patcher.exe" FOUND
C:\PROGRA~1\UNIVER~1\ FOUND
*** Fin du rapport !

Répondre à lordyannuss

did71, le 14 fév 2007 à 23:14:04

Re,

relance cleanzip,

Choisis cette fois l'option 2!

Poste le rapport ensuite

a+

Répondre à did71

lordyannuss, le 14 fév 2007 à 23:20:48

Script execute en mode normal
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 14/02/2007 a 23:18:04,65

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:
tentative de suppression de C:\documents.exe
tentative de suppression de C:\my.exe
tentative de suppression de C:\unwise.exe

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\dr.exe
tentative de suppression de C:\WINDOWS\patcher.exe

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\RegistryCleanerSetup.exe
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe

tentative de suppression de "C:\Program Files\serial.zip"
tentative de suppression de "C:\Program Files\serial.dat"
tentative de suppression de "C:\Program Files\user32.exe"
tentative de suppression de "C:\Program Files\patcher.exe"
tentative de suppression de C:\PROGRA~1\UNIVER~1\

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Peut-etre je ferai mieux de refaire en mode sans échec?

Répondre à lordyannuss

did71, le 14 fév 2007 à 23:24:17

Re,

non,non!

repasse cleanzip en mode normal, option1!

poste le rapport!

a+

Répondre à did71

lordyannuss, le 14 fév 2007 à 23:25:50

Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 14/02/2007 a 23:24:44,34

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Fin du rapport !

On dirait qu'il n'y a rien :) !

Répondre à lordyannuss

did71, le 14 fév 2007 à 23:31:39

Re,

oui, c'est propre!

on va passer un scan en ligne pour vérifier!

ça peut paraître long mais nécessaire!

passe ce scan ici:

http://www.bitdefender.fr/scan8/ie.html

poste le rapport bitdefender ensuite

a+

Répondre à did71

lordyannuss, le 15 fév 2007 à 02:01:48

Voilà le rapport du scan:

Scanned File

Status

C:\buqp.exe

Infected with: Trojan.Dropper.FakeAlert.C

C:\buqp.exe

Disinfection failed

C:\buqp.exe

Deleted

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o)=>lzma_solid_nsis0002

Detected with: Adware.Softomate.D

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o)=>lzma_solid_nsis0002

Disinfection failed

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o)=>lzma_solid_nsis0002

Deleted

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\131[1].net=>(NSIS o)

Update failed

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\hvwezdygyg[1].htm

Infected with: Trojan.Dropper.FakeAlert.C

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\hvwezdygyg[1].htm

Disinfection failed

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GDERGHQR\hvwezdygyg[1].htm

Deleted

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\secure32[1].htm

Infected with: Trojan.SpySheriff.C

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\secure32[1].htm

Disinfection failed

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\secure32[1].htm

Deleted

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\uxyroof[1].txt

Infected with: DeepScan:Generic.Malware.SMN!dldg.3A42812D

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\uxyroof[1].txt

Disinfection failed

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\O1QF492R\uxyroof[1].txt

Deleted

C:\Program Files\dr.exe~

Infected with: Trojan.Downloader.Agent.AWX

C:\Program Files\dr.exe~

Disinfection failed

C:\Program Files\dr.exe~

Deleted

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmom.exe.exe

Suspected of: Generic.Malware.Sdld.994F7195

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmom.exe.exe

Disinfection failed

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmom.exe.exe

Deleted

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip

Updated

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmon.exe

Infected with: Trojan.FakeAlert.DM

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmon.exe

Disinfection failed

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/ctpmon.exe

Deleted

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip

Updated

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/rpcc.dll

Infected with: DeepScan:Generic.Malware.SMN!dldg.929E57FC

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/rpcc.dll

Disinfection failed

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/rpcc.dll

Deleted

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip

Updated

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/svchosts.exe

Infected with: Trojan.Downloader.Agent.AWX

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/svchosts.exe

Disinfection failed

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip=>backups/svchosts.exe

Deleted

C:\RECYCLER\S-1-5-21-329068152-343818398-682003330-1003\Dc4\backups\backups.zip

Updated

C:\VundoFix Backups\byxxvsr.dll.bad

Infected with: DeepScan:Generic.Malware.SYddldg.E6B69DEA

C:\VundoFix Backups\byxxvsr.dll.bad

Disinfection failed

C:\VundoFix Backups\byxxvsr.dll.bad

Deleted

C:\VundoFix Backups\fxvcwvae.exe.bad

Infected with: Trojan.Agent.ACL

C:\VundoFix Backups\fxvcwvae.exe.bad

Disinfection failed

C:\VundoFix Backups\fxvcwvae.exe.bad

Deleted

C:\VundoFix Backups\ngucxelk.dll.bad

Infected with: Trojan.Juan.E

C:\VundoFix Backups\ngucxelk.dll.bad

Disinfection failed

C:\VundoFix Backups\ngucxelk.dll.bad

Deleted

C:\VundoFix Backups\pmkhf.dll.bad

Infected with: MemScan:Trojan.Vundo.AA

C:\VundoFix Backups\pmkhf.dll.bad

Disinfection failed

C:\VundoFix Backups\pmkhf.dll.bad

Deleted

C:\VundoFix Backups\VSAdd-in.dll.bad

Infected with: Trojan.Agent.ACL

C:\VundoFix Backups\VSAdd-in.dll.bad

Disinfection failed

C:\VundoFix Backups\VSAdd-in.dll.bad

Deleted

C:\VundoFix Backups\vtussrr.dll.bad

Infected with: DeepScan:Generic.Malware.SYddldg.E6B69DEA

C:\VundoFix Backups\vtussrr.dll.bad

Disinfection failed

C:\VundoFix Backups\vtussrr.dll.bad

Deleted

C:\WINDOWS\system\smss.exe~

Infected with: DeepScan:Generic.Horst.72F6A175

C:\WINDOWS\system\smss.exe~

Disinfection failed

C:\WINDOWS\system\smss.exe~

Deleted

C:\WINDOWS\system32\abeymheu.dll_tobedeleted

Infected with: Trojan.Spy.VBStat.B

C:\WINDOWS\system32\abeymheu.dll_tobedeleted

Deleted

C:\WINDOWS\system32\secure32.html

Infected with: Trojan.SpySheriff.C

C:\WINDOWS\system32\secure32.html

Disinfection failed

C:\WINDOWS\system32\secure32.html

Deleted

I:\Logiciels\Reste\MailWasher Pro 4.1.9 FR + Crack\Mail Waher Pro Crack.exe

Infected with: Trojan.Regpat.A

I:\Logiciels\Reste\MailWasher Pro 4.1.9 FR + Crack\Mail Waher Pro Crack.exe

Disinfection failed

I:\Logiciels\Reste\MailWasher Pro 4.1.9 FR + Crack\Mail Waher Pro Crack.exe

Deleted

Répondre à lordyannuss

did71, le 15 fév 2007 à 19:51:54

Bonsoir,

bitdefender a lui aussi bien fait le ménage!

Supprime SDFix, Vundofix, combofix, on n'en a plus besoin!

Vide ta corbeille!

Puis

Télécharge SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Tu le dézippes sur le Bureau.

* Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport.

a+

Répondre à did71

lordyannuss, le 15 fév 2007 à 20:41:50

Voilà le rapport

SmitFraudFix v2.142

Rapport fait à 20:40:44,60, 15/02/2007
Executé à partir de C:\Documents and Settings\Aur‚lie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At1.job PRESENT !
C:\WINDOWS\Tasks\At2.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aur‚lie

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Aur‚lie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\systu2.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Répondre à lordyannuss

44 réponses 12 3 Suivant

Posez votre question Répondre