Navilog1.

Je fait ce scan car j'ai eu des alertes d'infections Spyware sécu.Depuit je reçoie des comme quoi il y aurai des logiciels espion sur mon ordi??

Mon ordinateur est resté sans protection pendant quelque temp.

Maintenant j'ai installé Avast,mais je pensse que les logiciels espion sont toujour là.

Voila.

Merci.

Bonjour,

Dans l'onglet Windows.
Avancé: Vieilles données du Prefetch
Je n'ai pas ceci?

Pour enregistrer HijackThis dans un répertoire NON Temporaire,il suffie juste de le renomer Monjack?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:24:57, on 29/02/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\MSTask.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/freeplay/FlashAX.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - https://www.pch.com/games?source=candystand
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.fr/online/online2/chuzzle/popcaploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O24 - Desktop Component 0: (no name) - http://dh.search.ke.voila.fr/r?part=edt&url=http%3A%2F%2Fwww.google.fr%2F&rurl=http%3A%2F%2Fwww.google.fr%2F&id=1508700000117292377473149&ap=&profil=orange&bhv=web_fr&rdata=google&numa=1&lg=&salt=0526565&key=4b4e1f3726a1d230394ded222eeaf64b

J'ai un soucie.Mon ordi redémare lors de l'exécution de Combo fixe,au redémarage je recoie le message:La taille du registre est insuffisante???

J'essaille!

oui

Suite à ta question 2 poste plus haut j'ai Redémarré mon ordi.
Comme je te le disai Combofixc'est lancé,je l'ai laissé faire.
Il at offert se rapport.Je te le poste.

ComboFix 08-02-25.3 - Administrateur 2008-02-29 3:50:43.2 - [color=red][b]FAT32[/b][/color]x86
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\xcopy.exe
.
---- Previous Run -------
.
C:\cmd.exe
C:\install.exe
C:\riched32.dll
C:\setup.exe
C:\svchost.exe
C:\WINDOWS\start.exe
C:\WINDOWS\system32\_000055_.tmp.dll
C:\WINDOWS\Web\default.htt
C:\winlogon.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm




((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
.

2008-02-28 19:03 . 08-02-28 19:03 <DIR> d-------- C:\Program Files\Navilog1
2008-02-28 17:24 . 08-02-28 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-02-27 09:28 . 08-02-27 09:28 <DIR> d-------- C:\Program Files\MSN Apps
2008-02-27 07:33 . 08-02-27 07:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-27 03:30 . 07-12-04 13:54 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2008-02-27 03:30 . 07-12-04 15:51 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-02-27 03:30 . 07-12-04 15:49 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-02-27 03:30 . 07-12-04 15:53 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-02-27 03:29 . 07-12-04 14:04 837,496 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-02-27 03:29 . 04-01-09 10:13 380,928 --a------ C:\WINDOWS\SYSTEM32\actskin4.ocx
2008-02-27 03:29 . 07-12-04 15:55 94,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-02-27 03:29 . 07-12-04 15:56 93,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-02-27 03:24 . 08-02-27 03:24 <DIR> d-------- C:\Program Files\EoRezo
2008-02-27 03:24 . 08-02-27 03:24 <DIR> d-------- C:\Documents and Settings\Administrateur\Application Data\EoRezo
2008-02-27 01:00 . 08-02-27 01:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-26 09:26 . 07-09-15 01:24 17,920 --a------ C:\WINDOWS\SYSTEM32\reg.exe
2008-02-23 21:21 . 08-02-23 21:21 <DIR> d-------- C:\WINDOWS\report
2008-02-23 21:19 . 08-02-23 21:19 <DIR> d-------- C:\WINDOWS\AU_Backup
2008-02-23 21:19 . 08-02-23 21:19 36,469,841 --a------ C:\WINDOWS\VPTNFILE.119
2008-02-23 21:19 . 08-02-23 21:19 36,469,841 --a------ C:\WINDOWS\LPT$VPN.119
2008-02-23 21:19 . 08-02-23 21:19 1,922,158 --a------ C:\WINDOWS\tsc.ptn
2008-02-23 21:19 . 08-02-23 21:19 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2008-02-23 21:19 . 08-02-23 21:19 267,845 --a------ C:\WINDOWS\tsc.exe
2008-02-23 21:19 . 08-02-23 21:19 86,094 --a------ C:\WINDOWS\BPMNT.dll
2008-02-23 21:19 . 08-02-23 21:19 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-02-23 21:19 . 08-02-23 22:22 823 --a------ C:\WINDOWS\tsc.ini
2008-02-23 21:10 . 08-02-23 21:10 <DIR> d-------- C:\WINDOWS\AU_Temp
2008-02-23 21:10 . 08-02-23 21:10 <DIR> d-------- C:\WINDOWS\AU_Log
2008-02-23 21:10 . 08-02-23 21:10 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-02-23 21:10 . 08-02-23 21:10 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-02-23 21:10 . 08-02-23 21:10 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-02-23 21:10 . 08-02-23 21:10 170 --a------ C:\WINDOWS\GetServer.ini
2008-02-18 07:38 . 08-02-18 07:18 22,979 --a------ C:\TN2_1191830695.gif
2008-02-16 03:05 . 08-02-16 03:05 <DIR> d--h----- C:\WINDOWS\$NtUpdateRollupPackUninstall$
2008-02-15 03:03 . 06-08-22 12:48 136,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fltmgr.sys
2008-02-14 03:21 . 03-10-03 09:26 614,429 --a------ C:\WINDOWS\SYSTEM32\mswstr10.dll
2008-02-14 03:21 . 05-06-03 11:31 163,088 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2008-02-14 03:11 . 08-02-14 03:11 <DIR> d--h----- C:\WINDOWS\$SQLUninstallMDAC25SP3-KB927779-x86-FRA$
2008-02-14 03:09 . 07-12-05 11:40 631,056 --a------ C:\WINDOWS\SYSTEM32\OLEAUT32.DLL
2008-02-14 01:38 . 08-02-14 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 01:26 . 08-02-17 03:21 81,984 --a------ C:\WINDOWS\SYSTEM32\bdod.bin
2008-02-13 06:00 . 04-02-19 23:04 1,814,248 --------- C:\WINDOWS\SYSTEM32\dllcache\dtcsetup.exe
2008-02-13 05:58 . 05-03-03 06:36 905,270 --------- C:\WINDOWS\SYSTEM32\dllcache\system.adm
2008-02-08 01:13 . 05-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
2008-02-08 01:13 . 05-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
2008-02-06 03:05 . 05-06-03 11:30 63,760 --a------ C:\WINDOWS\SYSTEM32\CRYPTNET.DLL
2008-02-04 14:38 . 02-05-15 16:16 462,848 --a------ C:\WINDOWS\SYSTEM32\msaatext.dll
2008-02-04 14:38 . 02-05-15 16:16 360,448 --a------ C:\WINDOWS\SYSTEM32\oleacc.dll
2008-02-04 14:38 . 02-05-15 16:16 356,352 --a------ C:\WINDOWS\SYSTEM32\oleaccrc.dll
2008-02-04 14:16 . 08-02-04 14:16 <DIR> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-03 20:34 . 08-02-03 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-03 03:26 . 08-02-03 03:26 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-02 05:17 . 03-02-21 13:42 348,160 -ra------ C:\WINDOWS\SYSTEM\msvcr71.dll
2008-02-02 05:17 . 99-12-14 23:31 258,320 --a------ C:\WINDOWS\SYSTEM32\msh263.drv
2008-02-02 05:17 . 03-06-19 20:05 52,496 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2008-02-02 05:17 . 03-06-19 20:05 52,496 --a------ C:\WINDOWS\SYSTEM32\dllcache\vfwwdm32.dll
2008-02-02 05:17 . 99-12-14 23:29 45,840 --a------ C:\WINDOWS\SYSTEM32\iyuv_32.dll
2008-02-02 05:17 . 99-12-14 23:29 45,840 --a------ C:\WINDOWS\SYSTEM32\dllcache\iyuv_32.dll
2008-02-02 05:17 . 99-12-14 23:30 12,560 --a------ C:\WINDOWS\SYSTEM32\tsbyuv.dll
2008-02-02 05:17 . 99-12-14 23:30 12,560 --a------ C:\WINDOWS\SYSTEM32\dllcache\tsbyuv.dll
2008-02-02 04:50 . 01-03-02 19:46 282,896 --a------ C:\WINDOWS\SYSTEM32\msaud32.acm
2008-02-02 04:50 . 01-05-16 16:54 276,840 --a------ C:\WINDOWS\SYSTEM32\wmv8ds32.ax
2008-02-02 04:50 . 01-05-16 16:54 264,552 --a------ C:\WINDOWS\SYSTEM32\wmvds32.ax
2008-02-02 04:50 . 01-05-11 12:18 264,528 --a------ C:\WINDOWS\SYSTEM32\mpg4ds32.ax
2008-02-02 04:50 . 01-05-16 16:54 227,960 --a------ C:\WINDOWS\SYSTEM32\msadds32.ax
2008-02-02 04:50 . 01-05-16 16:54 76,120 --a------ C:\WINDOWS\SYSTEM32\msscds32.ax
2008-01-30 17:54 . 01-11-08 14:58 1,306,624 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2008-01-30 17:54 . 07-04-30 12:07 1,122,304 --a------ C:\WINDOWS\SYSTEM32\wmpui.dll
2008-01-30 17:54 . 01-03-02 20:56 281,456 --a------ C:\WINDOWS\SYSTEM32\pdbrowse.bmp
2008-01-30 17:54 . 01-10-01 19:50 270,336 --a------ C:\WINDOWS\SYSTEM32\pdbrowse.dll
2008-01-30 17:54 . 01-10-01 19:50 188,416 --a------ C:\WINDOWS\SYSTEM32\wmp.ocx
2008-01-30 17:54 . 01-10-01 19:50 184,320 --a------ C:\WINDOWS\SYSTEM32\wmpcd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 14:59 19,077,232 ----a-w C:\Farm_Frenzy-setup.exe
2008-01-19 19:00 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-18 01:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Microgaming
2008-01-12 04:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2007-12-10 17:12 581,120 ----a-w C:\WINDOWS\SYSTEM32\WININET.DLL
2007-12-05 10:40 631,056 ----a-w C:\WINDOWS\SYSTEM32\dllcache\oleaut32.dll
2007-02-20 00:28 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-02-09 13:22 22,115 ---h--w C:\Program Files\folder.htt
2000-08-08 23:00 32,528 ----a-w C:\WINDOWS\inf\wbfirdma.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}

[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
06-07-13 09:09 2393360 --a------ C:\WINDOWS\system32\SHELL32.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\WANADOO\Shell.exe" [04-08-23 14:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [08-02-28 11:02 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnappau"="C:\Program Files\MSN Apps\Updater\[u]0[/u]1.02.0002.1001\fr\msnappau.exe" [04-07-22 21:53 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [00-08-09 00:00 20752 C:\WINDOWS\SYSTEM32\internat.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 20:05 189712]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwprovau]
nwprovau.dll 06-09-01 07:49 143632 C:\WINDOWS\SYSTEM32\NWPROVAU.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll

R2 aswMon;avast! Standard Shield Support;C:\WINDOWS\system32\drivers\aswMon.sys [07-12-04 15:56 ]
R3 essm2e;Pilote audio ESS Maestro (WDM);C:\WINDOWS\system32\drivers\essm2e.sys [99-11-05 23:55 ]
R3 OBOE;Port FIR Toshiba Type-O;C:\WINDOWS\system32\DRIVERS\tos4mo.sys [99-10-20 22:49 ]
R3 Tridkb;Tridkb;C:\WINDOWS\system32\DRIVERS\tridkbm.sys [99-11-19 22:11 ]
S3 RescueDrv;Inventel Access Point USB Rescue Driver;C:\WINDOWS\system32\Drivers\resc_dwb.sys [03-04-24 12:03 ]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-29 20:03:40 c:\windows\Tasks\Low Battery Alarm Program.job"
"2008-01-29 20:04:54 c:\windows\Tasks\Critical Battery Alarm Program.job"
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 04:34:03
Windows 5.0.2195 Service Pack 4 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-29 4:38:56 - machine was rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-02-29 03:38:44
.
2008-02-17 02:01:41 --- E O F ---

Alors ce coup ci Combofix c'est pas lancé.
Voici le rapport Hitjackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:05:36, on 29/02/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFR
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/dlhelper/version7/dlhelper.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/freeplay/FlashAX.cab
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - https://www.pch.com/games?source=candystand
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.fr/online/online2/chuzzle/popcaploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O24 - Desktop Component 0: (no name) - http://dh.search.ke.voila.fr/r?part=edt&url=http%3A%2F%2Fwww.google.fr%2F&rurl=http%3A%2F%2Fwww.google.fr%2F&id=1508700000117292377473149&ap=&profil=orange&bhv=web_fr&rdata=google&numa=1&lg=&salt=0526565&key=4b4e1f3726a1d230394ded222eeaf64b

Non!

J'ai pas ça!

Est,merci de prendre du temps,c'est cool.

Bien vue...

Insomniak aussi. :)


Voici le nouveau rapport.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:35:22, on 29/02/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.fr/online/online2/chuzzle/popcaploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)

Ben j'ai Avast4.

Le par feu chai pas!

Voila le rapport!!!


SmitFraudFix v2.298

Rapport fait à 5:53:33.54, ven. 29/02/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\migicons.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORIS


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="131A6951-7F78-11D0-A979-00C04FD705A2"
"SubscribedURL"="131A6951-7F78-11D0-A979-00C04FD705A2"
"FriendlyName"="Barre des chaînes de Internet Explorer"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Inventel Residential
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C455AE8-E051-4929-9768-2BD9BCF77E6C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BF315D83-004F-4C5D-9978-7AC6D8D42048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C455AE8-E051-4929-9768-2BD9BCF77E6C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BF315D83-004F-4C5D-9978-7AC6D8D42048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3C455AE8-E051-4929-9768-2BD9BCF77E6C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BF315D83-004F-4C5D-9978-7AC6D8D42048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Exuse mais j'ai pas SmitfraudFix.exe .
Quand je lance en mode sans echec.

Finalement j'ai trouvé!

Ca m'a mie un rapport,le voicie.

SmitFraudFix v2.298

Rapport fait à 7:24:01.62, ven. 29/02/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3C455AE8-E051-4929-9768-2BD9BCF77E6C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BF315D83-004F-4C5D-9978-7AC6D8D42048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{3C455AE8-E051-4929-9768-2BD9BCF77E6C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BF315D83-004F-4C5D-9978-7AC6D8D42048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{3C455AE8-E051-4929-9768-2BD9BCF77E6C}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BF315D83-004F-4C5D-9978-7AC6D8D42048}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Pas de soucie booddha!
Le voici.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:37, on 29/02/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\stisvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\fr\msnappau.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.gamenext.fr/online/online2/chuzzle/popcaploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe (file missing)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.29.1 2008.02.29 -
AntiVir 7.6.0.67 2008.02.29 -
Authentium 4.93.8 2008.02.29 -
Avast 4.7.1098.0 2008.02.28 -
AVG 7.5.0.516 2008.02.29 -
BitDefender 7.2 2008.02.29 -
CAT-QuickHeal 9.50 2008.02.28 -
ClamAV 0.92.1 2008.02.29 -
DrWeb 4.44.0.09170 2008.02.29 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5574 2008.02.29 -
Ewido 4.0 2008.02.28 -
FileAdvisor 1 2008.02.29 -
Fortinet 3.14.0.0 2008.02.28 -
F-Prot 4.4.2.54 2008.02.28 -
F-Secure 6.70.13260.0 2008.02.29 -
Ikarus T3.1.1.20 2008.02.29 -
Kaspersky 7.0.0.125 2008.02.29 -
McAfee 5241 2008.02.28 -
Microsoft 1.3301 2008.02.29 -
NOD32v2 2911 2008.02.29 -
Norman 5.80.02 2008.02.28 -
Panda 9.0.0.4 2008.02.28 -
Prevx1 V2 2008.02.29 -
Rising 20.33.40.00 2008.02.29 -
Sophos 4.27.0 2008.02.29 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.02.29 -
TheHacker 6.2.9.229 2008.02.25 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.02.28 -
Webwasher-Gateway 6.6.2 2008.02.29 -
Information additionnelle
File size: 62224 bytes
MD5: dd7022d43813daa09b14b4bc5f6d2780
SHA1: b3dd9093301c8d048ece73655534995616501650
PEiD: InstallShield 2000


ATTENTION: VirusTotal iest un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

Désolé pour le tant de réponsse!!! :)



Je reçoie se message quand je lance ( Smit fraudfix.exe )