au secours virtumonde win32:tratBHO PURITYSCARésolu/Fermé

Question

Bonjour,
AVANT QUE JE CASSE MON PCPOUVEZ M'aider a virer ces virus
cdr

raleuboleu · Answer

salut

peus tu nous mettre 1 log hijack stp , voir ici:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

poste ensuite le rapport ici stp

biz

did · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:15, on 2008-01-04
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\WINDOWS\Mixer .exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\SDTrayApp .exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\System32\ctfmon .exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\kernel\kernel .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\WNSXS~1undll.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\wuauclt.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

^^Marie^^ · Answer

--

Je suis entrée dans CCM, La cigarette dans une main,
Les Tongs dans l’autre main, Les ***** nus sous la chemise

raleuboleu · Answer

re

il manque 1 sacré bout de ton rapport , peux tu reposter stp

bizz

did · Answer

dernier post avant le ccccccccccccccoup de marteau yark ctong bing non je deconne je vais me coucher
je pense que hijack n'est pas complet et je n'arrive plus a l'ouvrir
je verrais demain merci d'avance pour ton aide
CDR Didier

luc · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:59, on 4/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi .exe
C:\Program Files\QuickTime\qttask .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\WINDOWS\Mixer .exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
C:\Program Files\Spyware Doctor\SDTrayApp .exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\System32\ctfmon .exe
C:\Program Files\kernel\kernel .exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
F3 - REG:win.ini: load=C:\WINDOWS\System32\sstrp.exe
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi .exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aoes] "C:\WINDOWS\WNSXS~1undll.exe" -vt yazb
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Mfarnmg] "C:\Documents and Settings\blanchard\Application Data\??crosoft\w?wexec.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0b\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5063f681811e4e77af5cf0edda902b0c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5063f681811e4e77af5cf0edda902b0c
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fr4-download.nocreditcard.com/download/newdial-erp/3320/dialer.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGlkaWVyIEJMQU5DSEFSRA\command.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

luc · Answer

Bonjour,

Ps, grandes similitudes, posté par un autre DiD anonyme ce jour.

raleuboleu · Answer

hello

sorry je n'ai pas vu !!merci

bizz

luc · Answer

Bonne année à tous

raleuboleu · Answer

ben merci alors WAIIIIIIIIIIIIIIIIIIIIII BONNNE ANNNNEE !! pis le reste ben on fera avec si ca marche pas lol

DID · Answer

veuillez m excusez pour les autres post mais je n'ai pas compris comment fonctionner les forums
par contre ne n'arrivz plus a ouvrir hijack par contre je vais essayer de recuperer mon rapport sur un autre post 
vous remerciant
Did

DID · Answer

celui la a l"air d'etre complet



Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 17:45:59, on 4/01/2008 
Platform: Windows XP (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 (6.00.2600.0000) 
Boot mode: Normal 

Running processes: 
C:\WINDOWS\System32\smss.exe 
C:\WINDOWS\system32\csrss.exe 
C:\WINDOWS\system32\winlogon.exe 
C:\WINDOWS\system32\services.exe 
C:\WINDOWS\system32\lsass.exe 
C:\WINDOWS\system32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
C:\WINDOWS\Explorer.EXE 
C:\Program Files\Alwil Software\Avast4\ashServ.exe 
C:\WINDOWS\Mixer.exe 
C:\Program Files\Real\RealPlayer\RealPlay.exe 
C:\WINDOWS\System32\CTHELPER.EXE 
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe 
C:\Program Files\Neuf\Kit\WiFi\9wifi .exe 
C:\Program Files\QuickTime\qttask .exe 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\Program Files\Real\RealPlayer\RealPlay .exe 
C:\WINDOWS\Mixer .exe 
C:\Program Files\Spyware Doctor\SDTrayApp.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
C:\Program Files\Internet Explorer\iexplore.exe 
C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe 
C:\WINDOWS\System32\ctfmon.exe 
C:\Program Files\kernel\kernel.exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe 
C:\Program Files\Spyware Doctor\SDTrayApp .exe 
C:\WINDOWS\system32\spoolsv.exe 
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe 
C:\WINDOWS\RaUI.exe 
C:\WINDOWS\System32\ctfmon .exe 
C:\Program Files\kernel\kernel .exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe 
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 
C:\WINDOWS\System32
vsvc32.exe 
C:\Program Files\Spyware Doctor\svcntaux.exe 
C:\WINDOWS\System32\devldr32.exe 
C:\Program Files\Spyware Doctor\swdsvc.exe 
C:\WINDOWS\System32\svchost.exe 
C:\WINDOWS\System32\wdfmgr.exe 
C:\WINDOWS\wanmpsvc.exe 
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe 
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe 
C:\WINDOWS\System32\wuauclt.exe 
C:\WINDOWS\System32\wuauclt.exe 
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe 
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 
C:\WINDOWS\System32\wbem\wmiprvse.exe 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/ 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens 
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL 
F3 - REG:win.ini: load=C:\WINDOWS\System32\sstrp.exe 
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL 
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx 
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll 
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize 
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install 
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER 
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE 
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE 
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" 
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi .exe" 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime 
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe 
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" 
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe 
O4 - HKCU\..\Run: [Aoes] "C:\WINDOWS\WNSXS~1undll.exe" -vt yazb 
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe 
O4 - HKCU\..\Run: [Mfarnmg] "C:\Documents and Settings\blanchard\Application Data\??crosoft\w?wexec.exe" 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') 
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0b\aoltray.exe 
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE 
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe 
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe 
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm 
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites 
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5063f681811e4e77af5cf0edda902b0c 
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5063f681811e4e77af5cf0edda902b0c 
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll 
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll 
O15 - Trusted Zone: *.gomyhit.com 
O15 - Trusted Zone: *.imageservr.com 
O15 - Trusted Zone: *.imagesrvr.com 
O15 - Trusted Zone: *.storageguardsoft.com 
O15 - Trusted Zone: *.gomyhit.com (HKLM) 
O15 - Trusted Zone: *.imageservr.com (HKLM) 
O15 - Trusted Zone: *.imagesrvr.com (HKLM) 
O15 - Trusted Zone: *.storageguardsoft.com (HKLM) 
O16 - DPF: {11111111-1111-1111-1111-111111111111} - http://fr4-download.nocreditcard.com/download/newdial-erp/3320/dialer.exe 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab 
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab 
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab 
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab 
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab 
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGlkaWVyIEJMQU5DSEFSRA\command.exe (file missing) 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe 
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe 
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe 
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe 
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe 

End of file - 9787 bytes

DID2 · Answer

Bonjour j'ai fait un nouveau hijackthis apres avoir passé COMBOFIX
est ce que je peut avoir l'avis d'un expert en sachant que je n'est plus d'alerte AVAST mais une lenteur dans le systeme
excusez moi d'avoir pris le speudo d'une autre personne (did) en plus je regardais sa config elle ressemble etrangement a la mienne
CDR

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50:52, on 5/01/2008
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\kernel\kernel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32
vsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: 0 - {34C00A56-6582-487A-80A4-2FA963C56F21} - C:\Program Files\MSN Gaming Zone\laxulix539.dll (file missing)
O2 - BHO: (no name) - {4C58E392-2E0F-4F99-B15A-523800F7FA47} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {827701DF-15DD-4C06-854B-BD66DAE0C9D3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6ADDC12-10FB-4A08-DA5F-3EE600F55E99} - C:\WINDOWS\System32\xnw.dll (file missing)
O2 - BHO: (no name) - {CC0BEA90-ECDF-4492-81CD-6C72D7E42914} - C:\Program Files\Services en ligne\homer83122.dll (file missing)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi           .exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask        .exe" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Aoes] "C:\WINDOWS\WNSXS~1undll.exe" -vt yazb
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [Mfarnmg] "C:\Documents and Settings\blanchard\Application Data\??crosoft\w?wexec.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Icône AOL.lnk = C:\Program Files\AOL 7.0b\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?5063f681811e4e77af5cf0edda902b0c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?5063f681811e4e77af5cf0edda902b0c
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imageservr.com (HKLM)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v43/yacscom.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_7.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32
vsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

^^Marie^^ · Answer

Pourrais tu répondre à la queqstion du poste <13>

DID2 · Answer

qu'est ce que tu appelle une version officielle ?

^^Marie^^ · Answer

Voilà par exemple des versions officielles

 	Platform: Windows XP SP1(WinNT 5.01.2600)
ou
 	Platform: Windows XP SP2 (WinNT 5.01.2600)

Démarrer
Tous les programmes
En haut tu as &#9658; Windows Update et tu mets ta version à jour...

Sinon, soit c'est une copie, soit c'est une version piratée.... Dans ce cas ...........

DID2 · Answer

merci de ta reponse mais sur une discussion voisine j'ai vu ce post et lui c'est pas une copie ? pourtant depanné
cdr Didier

J' ai un probleme avec mon ordinateur qui n'arrete pas de bugger j'ai regulierement explorer.exe qui se ferme et se rouvre et mon pc est très lent . 
Je pense avoir un virus car mon antivirus(avast) detecte des virus mais je n'ai pas l'impression qu'il les supprime. 
J'ai fais un rapport avec hijackthis si dessous 

Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 22:19:00, on 15/12/2007 
Platform: Windows XP (WinNT 5.01.2600) 
MSIE: Internet Explorer v6.00 (6.00.2600.0000) 
Boot mode: Normal

^^Marie^^ · Answer

Qui t'a dit de passer CombFix ???
Le rapport il est où ???



Ton pc est mal protégé....

http://www.microsoft.com/downloads/details.aspx?FamilyID=9EC51594-992C-4165-A997-25DA01F388F5&displaylang=fr
http://www.microsoft.com/downloads/details.aspx?FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a&displaylang=fr

DID2 · Answer

je suis pas rester inerte et j'ai trouvé au depart d'une recherche de forum 3 explications pour attaquer virtumonde 1 a2free sans resultat 2 que je n'ai pas essayé puis combfix ComboFix 08-01-04.1 - blanchard 2008-01-05 19:14:42.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.231 [GMT 1:00] Running from: C:\Documents and Settings\blanchard\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\sstrp.dll . ---- Previous Run ------- . C:\Documents and Settings\blanchard\Application Data\CROSOF~1 C:\Documents and Settings\blanchard\Menu Démarrer\Programmes\Outerinfo C:\Documents and Settings\blanchard\Menu Démarrer\Programmes\Outerinfo\Terms.lnk C:\Documents and Settings\blanchard\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk C:\Documents and Settings\LocalService\Application Data\NetMon C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt C:\Documents and Settings\NetworkService\Application Data\NetMon C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Creative\SBLive\Program\ADGJDet.exe C:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\kernel\kernel.exe C:\Program Files\montorgueil C:\Program Files\montorgueil\14.06348 C:\Program Files\montorgueil\Choc-fetish\Choc-fetish.ico C:\Program Files etwork monitor C:\Program Files\outerinfo C:\Program Files\outerinfo\FF\chrome.manifest C:\Program Files\outerinfo\FF\components\FF.dll C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt C:\Program Files\outerinfo\FF\install.rdf C:\Program Files\outerinfo\Terms.rtf C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Temporary C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\WINDOWS\b122.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\system32\atmtd.dll C:\WINDOWS\system32\atmtd.dll._ C:\WINDOWS\system32\ctfmon .exe C:\WINDOWS\system32\ctfmon.exe.tmp C:\WINDOWS\system32\f1 C:\WINDOWS\system32\pac.txt C:\WINDOWS\system32\prtss.ini C:\WINDOWS\system32\prtss.ini2 C:\WINDOWS\system32\RCX46.tmp C:\WINDOWS\system32\RCX47.tmp C:\WINDOWS\system32\RCX63.tmp C:\WINDOWS\system32\sstrp.exe C:\WINDOWS\system32\wintit32.exe C:\WINDOWS\system32\y2 C:\WINDOWS\system32\y2\gyreo83122.exe C:\WINDOWS\TTC-4444.exe C:\WINDOWS\uninstall_nmon.vbs C:\WINDOWS\UpdReg.EXE C:\WINDOWS\wnsxs~1 C:\WINDOWS\wnsxs~1 undll .exe C:\WINDOWS\WNSXS~1 undll.exe C:\WINDOWS\wnsxs~1\W?nSxS\ [code]

"C:\Program Files\Alwil Software\Avast4\ashDisp .exe" replaces infected copy of "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
"C:\Program Files\Creative\SBLive\Program\ADGJDet .exe" replaces infected copy of "C:\Program Files\Creative\SBLive\Program\ADGJDet.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe" replaces infected copy of "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\jusched .exe" replaces infected copy of "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"C:\Program Files\kernel\kernel .exe" replaces infected copy of "C:\Program Files\kernel\kernel.exe"
"C:\Program Files\Real\RealPlayer\RealPlay .exe" replaces infected copy of "C:\Program Files\Real\RealPlayer\RealPlay.exe"
"C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe" replaces infected copy of "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\Spyware Doctor\SDTrayApp .exe" replaces infected copy of "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
"C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont .exe" replaces infected copy of "C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe"
"C:\WINDOWS\Mixer .exe" replaces infected copy of "C:\WINDOWS\Mixer.exe"
"C:\WINDOWS\UpdReg .EXE" replaces infected copy of "C:\WINDOWS\UpdReg.EXE"
"C:\WINDOWS\system32\ctfmon .exe" moved to QooBox

[/code] . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CMDSERVICE -------\LEGACY_NETWORK_MONITOR -------\cmdService -------\Network Monitor ((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))))))) . 2008-01-04 23:10 . 2008-01-05 18:04 1,818,624 --a------ C:\WINDOWS\Mixer.exe 2008-01-04 23:10 . 2008-01-05 18:04 90,112 --a------ C:\WINDOWS\UpdReg.EXE 2008-01-04 21:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-04 21:30 . 2008-01-04 21:35 d-------- C:\Program Files\a-squared Free 2008-01-04 18:50 . 2008-01-04 20:52 d-------- C:\VundoFix Backups 2008-01-03 23:14 . 2008-01-05 19:02 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-01-03 23:01 . 2008-01-03 23:03 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-01-03 23:01 . 2008-01-03 23:03 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-01-03 23:01 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-01-03 23:01 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-01-03 23:00 . 2008-01-05 19:22 d-------- C:\Program Files\Spyware Doctor 2008-01-03 23:00 . 2008-01-03 23:00 d-------- C:\Documents and Settings\blanchard\Application Data\PC Tools 2008-01-03 23:00 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2008-01-03 21:34 . 2008-01-03 22:18 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-01-03 20:25 . 2008-01-03 20:25 d-------- C:\Program Files\Trend Micro 2008-01-02 21:09 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-01-02 21:09 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-01-02 21:09 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-01-02 21:08 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr 2008-01-02 21:08 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-01-02 21:08 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys 2008-01-02 21:07 . 2008-01-02 21:07 d-------- C:\Program Files\Alwil Software 2008-01-02 21:07 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-01-02 21:07 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-01-02 21:07 . 2003-03-18 20:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll 2008-01-02 21:07 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx 2008-01-02 16:42 . 2008-01-05 19:00 d-------- C:\Program Files\kernel 2008-01-02 16:08 . 2008-01-02 21:37 d--hs---- C:\WINDOWS\RGlkaWVyIEJMQU5DSEFSRA 2008-01-02 16:08 . 2008-01-02 22:09 389,120 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp 2008-01-02 16:07 . 2008-01-02 16:07 d-------- C:\WINDOWS\system32\ardCo01 2008-01-02 16:07 . 2008-01-02 16:07 d-------- C:\Temp\cEeer12 2008-01-02 16:07 . 2008-01-05 18:57 d-------- C:\Temp 2008-01-02 11:56 . 2008-01-03 20:57 2,218 --a------ C:\WINDOWS\ACROREAD.INI 2008-01-02 11:53 . 2008-01-02 11:53 d-------- C:\Program Files\Canon 2008-01-02 11:46 . 2008-01-02 11:46 d-------- C:\Program Files\Ulead Systems 2008-01-02 11:46 . 1998-09-29 17:22 27,648 --a------ C:\WINDOWS\Photo Express 2 SE.scr 2007-12-25 22:20 . 2007-12-25 22:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-12-25 22:20 . 2007-12-25 22:21 1,409 --a------ C:\WINDOWS\QTFont.for 2007-12-25 20:57 . 2006-11-30 15:14 18,704 -ra------ C:\WINDOWS\system32\drivers\se45nd5.sys 2007-12-25 20:56 . 2006-11-30 15:14 90,800 -ra------ C:\WINDOWS\system32\drivers\se45unic.sys 2007-12-25 20:56 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45wh.sys 2007-12-25 20:56 . 2006-11-30 15:14 4,128 -ra------ C:\WINDOWS\system32\drivers\se45cr.sys 2007-12-25 20:55 . 2006-11-30 15:14 88,624 -ra------ C:\WINDOWS\system32\drivers\se45mgmt.sys 2007-12-25 20:55 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cmnt.sys 2007-12-25 20:55 . 2006-11-30 15:13 6,240 -ra------ C:\WINDOWS\system32\drivers\se45cm.sys 2007-12-25 20:54 . 2006-11-30 15:14 86,432 -ra------ C:\WINDOWS\system32\drivers\se45obex.sys 2007-12-25 20:51 . 2006-11-30 15:14 97,088 -ra------ C:\WINDOWS\system32\drivers\se45mdm.sys 2007-12-25 20:51 . 2006-11-30 15:14 9,360 -ra------ C:\WINDOWS\system32\drivers\se45mdfl.sys 2007-12-25 20:49 . 2006-11-30 15:13 61,536 -ra------ C:\WINDOWS\system32\drivers\se45bus.sys 2007-12-25 20:49 . 2006-11-30 15:14 5,872 -ra------ C:\WINDOWS\system32\drivers\se45whnt.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-04 21:50 --------- d-----w C:\Program Files\QuickTime 2008-01-03 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-02 20:25 --------- d-----w C:\Program Files\Services en ligne 2007-12-25 21:31 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-22 18:09 258,048 ------w C:\WINDOWS\Setup1.exe 2007-11-22 18:09 --------- d-----w C:\Program Files\DahediSign 2007-11-22 18:08 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-11-22 16:44 --------- d-----w C:\Program Files\StepMania 2007-11-22 16:37 --------- d-----w C:\Program Files\Lavasoft 2007-11-22 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-10-24 19:47 45,224 ----a-w C:\Documents and Settings\blanchard\Application Data\GDIPFONTCACHEV1.DAT 2005-07-29 15:24 472 --sha-r C:\WINDOWS\RGlkaWVyIEJMQU5DSEFSRA\l354uqpVKHLgkocGmHImlE.vbs . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34C00A56-6582-487A-80A4-2FA963C56F21}] C:\Program Files\MSN Gaming Zone\laxulix539.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6ADDC12-10FB-4A08-DA5F-3EE600F55E99}] C:\WINDOWS\System32\xnw.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC0BEA90-ECDF-4492-81CD-6C72D7E42914}] C:\Program Files\Services en ligne\homer83122.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-05 18:05 68856] "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312] "Aoes"="C:\WINDOWS\WNSXS~1 undll.exe" [ ] "kernel"="C:\Program Files\kernel\kernel.exe" [2008-01-05 18:05 61440] "Mfarnmg"="C:\Documents and Settings\blanchard\Application Data\??crosoft\w?wexec.exe" [ ] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-05 18:05 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="Mixer.exe" [2008-01-05 18:04 1818624 C:\WINDOWS\Mixer.exe] "NvCplDaemon"="NvQTwk" [] "nwiz"="nwiz.exe" [2002-07-16 11:16 372736 C:\WINDOWS\system32 wiz.exe] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-01-05 18:04 26112] "WINDVDPatch"="CTHELPER.EXE" [2002-07-02 16:56 24576 C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-05 18:04 90112] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2008-01-05 18:04 28672] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-05 18:04 132496] "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi .exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ] "PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [2008-01-05 18:05 25088] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-01-05 18:05 79224] "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-05 18:02 1065800] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{ED0ACB58-556F-21DA-DDFE-6D20F3F611BB}"= C:\WINDOWS\system32\kb1ss1p.dll [ ] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER R3 ADM8511;Convertisseur USB vers Fast Ethernet ADMtek ADM8511/AN986;C:\WINDOWS\System32\DRIVERS\ADM8511.SYS [2001-08-17 19:11] S3 als4k;Avance Audio Miniport Driver (WDM);C:\WINDOWS\System32\drivers\als4000.sys [] S3 ctlsb16;Pilote Creative SB16/AWE32/AWE64 (WDM);C:\WINDOWS\System32\drivers\ctlsb16.sys [2001-08-17 19:19] S3 cwbmidi_device;Pilote UART Crystal WDM MPU-401;C:\WINDOWS\System32\drivers\cwbmidi.sys [2001-08-17 19:19] S3 ELNK3;3Com EtherLink III;C:\WINDOWS\System32\DRIVERS\elnk3.sys [2001-08-17 19:10] S3 gsplittm;gsplittm;C:\DOCUME~1\BLANCH~1\LOCALS~1\Temp\gsplittm.sys [2001-07-28 08:54] S3 LcdMini;Digital Audio Player(Model : PA30B);C:\WINDOWS\System32\DRIVERS\LcdMini.sys [2002-03-28 12:38] S3 msloop;Pilote de carte de bouclage Microsoft;C:\WINDOWS\System32\DRIVERS\loop.sys [2001-08-17 20:53] S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\System32\DRIVERS\NtApm.sys [2001-08-23 16:11] S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 02:13] . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-05 18:00:57 C:\WINDOWS\Tasks\Nettoyage de disque.job" - C:\WINDOWS\system32\cleanmgr.exe "2008-01-05 17:54:23 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-05 19:39:21 Windows 5.1.2600 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-05 19:49:38 ComboFix-quarantined-files.txt 2008-01-05 18:48:57 . 2008-01-05 17:09:38 --- E O F ---

DID2 · Answer

pour Marie
j'avais trouvé cela en cherchant des forums sur virtumonde 

Supprimer le trojan Vundo/Virtumonde green day samedi 1 décembre 2007 à 01:12:46 jorginho67 

Ce trojan nommé Vundo ou Virtumonde, ou encore trojan agent cs se caractérise par la présence d’un ou plusieurs fichiers.dll au nom aléatoire, se situant dans les fichiers system32 et visibles dans un rapport hijackthis au niveau des lignes 02 et/ou 020. 
Les dernières variantes parfois assez coriaces à supprimer présentes plusieurs particularités comme l’ouverture de fenêtres publicitaires intempestives ou l’absence de lignes 02 et 020 dans un rapport hijackthis. 
Il existe aujourd’hui plusieurs méthodes pour le supprimer ! 


Procédure de désinfection : 
1er méthode : Vundofix 
2ème méthode : VirtumundoBegone 
3ème méthode : Combofix

didier2 · Answer

Bonjour je vous remercie mon pc a l'air de fonctionner correctement merci de votre aide
derniere question comment on ferme un post (discussion terminé) ?

^^Marie^^ · Answer

OK

Bon surf

Au secours virtumonde win32:tratBHO PURITYSCA

22 réponses

Discussions similaires

Newsletters