Virus de type Worm win32.netskyFermé

Question

Bonjour,


Voici mon probleme :


je viens d'attraper un virus depuis hier avec les caracteristiques suivants
- affichage en fond d'ecran de " your privacy is in danger " avec une espece de tete de mort sur fond rouge
- un message m'indiquant que mon ordinateur est infecté par worm.win32.netsky.
- un programme qui n'etait pas sur mon ordinateur et qui s'appelle "systeme alert"
- un message de windows security alert qui m'indique que mon ordi est infecté par un virus et que cela peut-etre dangereux
- des connexions automatiques et intermittentes à internet explorer


Ce que j'ai deja effectué pour tenter de supprimer le virus

J'ai essayé 2 restaurations de systemes à 2 dates différentes, elles  n'ont pas été accepté par mon ordi.

J'ai fait une analyse complete de mon systeme par NORTON qui a detecté 1 virus " advanced cleaner " et que j'ai supprimé grace à norton et suite à l'analyse, mais cela n'a entrainé aucun changement.

J'ai telechargé le kit symantec donné sur la page du site ( http://www.commentcamarche.net/faq/sujet 2618 virus kit de desinfection pour eradiquer w32 netsky) : apres analyse du systeme, il ne detecte aucun virus

J'ai telechargé "hijack this" sur la page :  http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe  et apres analyse
j'ai obtenu dans le bloc note la sequence suivante :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:13, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Vidal\Communs\Vidal.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Audacity\audacity.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxybiblio.hec.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O2 - BHO: XTN Monitor - {F1F22D55-94CB-4433-9D58-B08C8C47DDF0} - C:\WINDOWS\ddwlxtqxdm.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: The enqvwkp - {A276B2DF-BC3A-4144-9902-58BA41D7203F} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32
vsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\Vidal\Communs\Vidal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O21 - SSODL: bmlvqkn - {2CF249E6-D9F6-431B-9842-9A98512229AD} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {80A07F58-9F30-4784-B3CA-4F58D4926769} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

g!rly · Answer

salut, 

télécharges smitfraudfix :

En image :
http://siri.urz.free.fr/Fix/SmitfraudFix.php

tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
cela vas générer un rapport.

Copie/colle le rapport sur le forum stp.

@+

juliano2007 · Answer

Rebonjour,

Voici le rapport affiché apres l'operation effectué:

SmitFraudFix v2.274

Rapport fait à 18:52:11,25, 17/01/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Vidal\Communs\Vidal.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\privacy_danger PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris

C:\DOCUME~1\Julien\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\Julien\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\Julien\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\Julien\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\Julien\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\Julien\Bureau\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\WINDOWS\privacy_danger\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DB5CB48-752B-4DEB-8EC2-98A34C82D9CF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DB5CB48-752B-4DEB-8EC2-98A34C82D9CF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

g!rly · Answer

re,

Redémarre le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) dès le démarrage et tu choisis le mode sans échec)

- Ouvre le dossier "SmitfraudFix" et double clique sur "Smitfraudfix.cmd", choisit l 'option 2 et tu réponds oui à tout.

Enregistre le rapport puis Copie/colle le rapport sur le forum stp.

et post aussi un nouveau hijack this stp

@+

juliano2007 · Answer

Bonjour Girly,

Merci pour ton aide !
J'ai peur que la demarche que tu me demandes de faire va aboutir à la perte de l'ensemble des données de mon pc.
Je souhaiterai trouver un moyen de supprimer le virus tout en gardant mes donnees . En connait-tu un ?

merci encore

Amicalement 

juliano2007

g!rly · Answer

re,

la demarche que je te demande d´effectuer va seulement supprimé ce que smitfaudfix a détécté a savoir :

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris

C:\DOCUME~1\Julien\Favoris\Error Cleaner.url PRESENT !
C:\DOCUME~1\Julien\Favoris\Privacy Protector.url PRESENT !
C:\DOCUME~1\Julien\Favoris\Spyware?Malware Protection.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

C:\DOCUME~1\Julien\Bureau\Error Cleaner.url PRESENT !
C:\DOCUME~1\Julien\Bureau\Privacy Protector.url PRESENT !
C:\DOCUME~1\Julien\Bureau\Spyware?Malware Protection.url PRESENT !

et les entrées visibles dans hijack this :

O3 - Toolbar: The enqvwkp - {A276B2DF-BC3A-4144-9902-58BA41D7203F} - C:\WINDOWS\enqvwkp.dll
O21 - SSODL: bmlvqkn - {2CF249E6-D9F6-431B-9842-9A98512229AD} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {80A07F58-9F30-4784-B3CA-4F58D4926769} - C:\WINDOWS\agrlmvp.dll 
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

je voie que la confience regne ;-(

@+

juliano2007 · Answer

re,

desole j'aime bien savoir ce que je fais avant de le faire. 
J'effectue cela de ce pas

g!rly · Answer

tu as bien raison ;-)

si tu veux tu peux jetter un coup d´oeuil sur ce topik, j´ai demandé a la personne de passé smitfraud également :

http://www.commentcamarche.net/forum/affich 4670868 infection de mon pc g rly aide moi#dernier

@+

juliano2007 · Answer

Re,


Voici le rapport Hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:38, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Vidal\Communs\Vidal.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Julien\SmitfraudFix\IEDFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MSN Toolbar Suite\msn_sl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxybiblio.hec.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O2 - BHO: XTN Monitor - {F1F22D55-94CB-4433-9D58-B08C8C47DDF0} - C:\WINDOWS\ddwlxtqxdm.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: The enqvwkp - {A276B2DF-BC3A-4144-9902-58BA41D7203F} - C:\WINDOWS\enqvwkp.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32
vsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\Vidal\Communs\Vidal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O21 - SSODL: bmlvqkn - {2CF249E6-D9F6-431B-9842-9A98512229AD} - C:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {80A07F58-9F30-4784-B3CA-4F58D4926769} - C:\WINDOWS\agrlmvp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

g!rly · Answer

re,

peux tu me poster le rapport smitfraudfix option 2 stp, car la tu as reposter le meme que tout a l´heure,  a savoir smitfraudfix option 1.

@+

juliano2007 · Answer

re,


Avec difficulté voila ce que tu m'as demandé :

SmitFraudFix v2.274

Rapport fait à 20:23:10,01, 17/01/2008
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found. 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\Julien\Bureau\Error Cleaner.url supprimé
C:\DOCUME~1\Julien\Bureau\Privacy Protector.url supprimé
C:\DOCUME~1\Julien\Bureau\Spyware?Malware Protection.url supprimé
C:\DOCUME~1\Julien\Favoris\Error Cleaner.url supprimé
C:\DOCUME~1\Julien\Favoris\Privacy Protector.url supprimé
C:\DOCUME~1\Julien\Favoris\Spyware?Malware Protection.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DB5CB48-752B-4DEB-8EC2-98A34C82D9CF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DB5CB48-752B-4DEB-8EC2-98A34C82D9CF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6DB5CB48-752B-4DEB-8EC2-98A34C82D9CF}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

g!rly · Answer

ok merci, 

on continue :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

juliano2007 · Answer

ComboFix 08-01-18.1 - Julien 2008-01-18 21:22:24.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.461 [GMT 1:00] Running from: C:\Documents and Settings\Julien\Bureau\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 )))))))))))))))))))))))))))))))))))) . 2008-01-18 21:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-17 20:03 . 2008-01-17 20:05 d-------- C:\Documents and Settings\Julien\SmitfraudFix 2008-01-17 18:43 . 2008-01-17 20:23 4,834 --a------ C:\WINDOWS\system32 mp.reg 2008-01-17 18:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-17 18:42 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-17 18:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-17 18:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-17 18:42 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-17 18:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-17 18:35 . 2008-01-17 18:35 668 --a------ C:\Documents and Settings\Julien\Application Data\waver_2.95.dat 2008-01-17 18:29 . 2008-01-17 18:29 d-------- C:\Program Files\Flop 2008-01-17 18:29 . 2008-01-17 18:29 4 --a------ C:\WINDOWS\system32\qwolt.pdg 2008-01-17 17:25 . 2008-01-17 17:25 d-------- C:\Program Files\Trend Micro 2008-01-17 01:39 . 2008-01-16 21:13 323,584 --a------ C:\WINDOWS\bmlvqkn.dll 2008-01-17 01:39 . 2008-01-16 21:13 229,376 --a------ C:\WINDOWS\agrlmvp.dll 2008-01-17 01:39 . 2008-01-16 21:13 81,920 --a------ C:\WINDOWS\fxtqdrl.exe 2008-01-07 23:22 . 2008-01-07 23:22 d-------- C:\Program Files\Fichiers communs\Mediafour 2008-01-07 23:21 . 2008-01-07 23:22 d-------- C:\Program Files\Mediafour 2008-01-02 09:47 . 2008-01-02 09:47 d-------- C:\Documents and Settings\Julien\Application Data\Steinberg 2008-01-02 09:44 . 2000-12-05 15:57 286,720 --a------ C:\WINDOWS\system32\Mp3com.dll 2008-01-02 09:44 . 2001-05-31 11:53 36,864 --a------ C:\WINDOWS\system32\Mros432.dll 2008-01-02 09:44 . 2001-08-07 14:03 36,864 --a------ C:\WINDOWS\system32\audioencoderenum.dll 2008-01-02 09:43 . 2000-04-27 12:31 19,456 --a------ C:\WINDOWS\system32\asapi.dll 2008-01-02 09:43 . 2000-05-12 14:48 8,768 --a------ C:\WINDOWS\system32\drivers\asapi.sys 2008-01-02 09:42 . 2008-01-02 09:44 d-------- C:\Program Files\Steinberg 2007-12-29 00:17 . 2007-12-29 00:17 d-------- C:\Documents and Settings\Julien\Application Data\InterVideo 2007-12-28 18:43 . 2007-12-28 18:43 d-------- C:\Program Files\Happyneuron 2007-12-28 18:24 . 2007-12-28 18:24 d-------- C:\Program Files\JoWood 2007-12-28 16:08 . 2007-12-28 16:08 d-------- C:\Program Files\EA GAMES 2007-12-28 15:58 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2007-12-25 17:35 . 2008-01-02 10:49 138 --a------ C:\WINDOWS\cdplayer.ini 2007-12-24 02:11 . 2007-12-24 02:11 d-------- C:\Program Files\IVCsoft 2007-12-24 01:41 . 2007-12-24 01:46 d-------- C:\Documents and Settings\Julien\dwhelper 2007-12-18 19:35 . 2007-12-18 19:35 d-------- C:\Program Files\Real 2007-12-18 19:35 . 2007-12-18 19:35 d-------- C:\Program Files\Fichiers communs\xing shared 2007-12-18 19:35 . 2007-12-18 19:35 d-------- C:\Program Files\Fichiers communs\Real . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-17 06:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-12-28 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-16 21:37 --------- d-----w C:\Program Files\AV MP3 Player-Morpher 2007-12-13 07:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-10 17:26 --------- d-----w C:\Program Files\VIDAL 2007-12-06 06:33 --------- d-----w C:\Program Files\Norton Internet Security 2007-12-04 16:54 --------- d-----w C:\Program Files\Google 2007-12-01 16:02 --------- d-----w C:\Program Files\Investintech.com Inc 2007-12-01 09:29 --------- d-----w C:\Program Files\Windows Live 2007-12-01 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-30 13:15 --------- d-----w C:\Documents and Settings\Julien\Application Data\HPAppData 2007-11-27 10:58 --------- d-----w C:\Documents and Settings\Julien\Application Data\HP 2007-11-27 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG 2007-11-27 10:28 --------- d-----w C:\Program Files\HP 2007-11-27 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY 2007-11-27 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP 2007-11-27 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2007-11-27 10:24 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-27 10:24 --------- d-----w C:\Program Files\Fichiers communs\HP 2007-11-27 10:23 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard 2007-11-27 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2007-11-26 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data View_Profiles 2007-11-26 20:34 --------- d-----w C:\Documents and Settings\Julien\Application Data\vlc 2007-11-26 20:20 --------- d-----w C:\Program Files\VideoLAN 2007-11-25 19:41 --------- d-----w C:\Program Files\Hercules 2007-11-25 19:41 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-25 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2007-11-25 19:33 --------- d-----w C:\Documents and Settings\Julien\Application Data\InstallShield 2007-11-25 14:31 --------- d-----w C:\Program Files\eMule 2007-11-24 14:40 --------- d-----w C:\Documents and Settings\Julien\Application Data\Sony Corporation 2007-11-23 02:12 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-23 02:03 --------- d-----w C:\Program Files\MSXML 4.0 2007-11-22 16:51 --------- d-----w C:\Program Files\Sony 2007-11-22 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation 2007-11-22 16:50 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared 2007-11-22 11:23 --------- d-----w C:\Program Files\Winamp 2007-11-22 11:22 --------- d-----w C:\Program Files\Sonic 2007-11-22 11:22 --------- d-----w C:\Program Files\Audacity 2007-11-22 04:11 --------- d-----w C:\Documents and Settings\Julien\Application Data\Winamp 2007-11-22 02:49 --------- d-----w C:\Program Files\Fichiers communs\NSV 2007-11-22 01:16 --------- d-----w C:\Program Files\X10 Hardware 2007-11-22 01:16 --------- d-----w C:\Program Files\Windows Plus 2007-11-22 01:16 --------- d-----w C:\Program Files\Windows Desktop Search 2007-11-22 01:16 --------- d-----w C:\Program Files\Toshiba 2007-11-22 01:14 --------- d---a-w C:\Program Files\Offre Wanadoo 2007-11-22 01:14 --------- d-----w C:\Program Files\Synaptics 2007-11-22 01:14 --------- d-----w C:\Program Files\Symantec 2007-11-22 01:14 --------- d-----w C:\Program Files\Services en ligne 2007-11-22 01:14 --------- d-----w C:\Program Files\Realtek 2007-11-22 01:13 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-22 01:13 --------- d-----w C:\Program Files\Microsoft.NET 2007-11-22 01:13 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-22 01:13 --------- d-----w C:\Program Files\ltmoh 2007-11-22 01:12 --------- d-----w C:\Program Files\InterVideo 2007-11-22 01:11 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2007-11-22 01:11 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-11-22 01:11 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-11-22 01:10 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-11-22 01:10 --------- d-----w C:\Program Files\Fichiers communs\InterVideo 2007-11-22 01:10 --------- d-----w C:\Program Files\Common Files 2007-11-22 01:03 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data\Windows Desktop Search 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data oshiba 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data\Symantec 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data\Sonic 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data oshiba 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic 2007-11-21 21:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-11-21 21:43 --------- d-----w C:\Documents and Settings\Julien\Application Data\InterTrust 2007-11-21 21:00 --------- d-----w C:\Documents and Settings\Julien\Application Data\AdobeUM 2007-11-21 20:19 --------- d-----w C:\Program Files\Microsoft Works 2007-11-21 18:24 --------- d-----w C:\Documents and Settings\Julien\Application Data\Windows Live Writer 2007-11-21 18:08 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2007-11-21 18:02 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-21 17:46 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-11-21 17:46 --------- d-----w C:\Program Files\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\Julien\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel 2007-11-21 17:45 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_04548-FR_PSAA9E-14W03.MRK 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-24 16:58 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR 2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] 2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}] @=Mediafour Mac Volume Icons [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe" [2005-04-11 15:08 65536] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120] "nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32 wiz.exe] "NVRotateSysTray"="C:\WINDOWS\system32 vsysrot.dll" [2006-05-01 21:04 49152] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948] "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 88204 C:\WINDOWS\agrsmmsg.exe] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet hotkey.exe" [2006-08-25 12:47 356352] "TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe] "NDSTray.exe"="NDSTray.exe" [] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784] "TFncKy"="TFncKy.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-16 23:27 52848] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352] "HerculesCamService"="C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2006-10-13 10:05 106496] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152] "CFSServ.exe"="CFSServ.exe" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-04 17:54 1840128] "vdlDeamon"="C:\Program Files\Vidal\Communs\Vidal.exe" [2004-12-29 18:49 1055744] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2007-12-18 19:35 185632] "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56 94208] "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12 86016] "Mediafour Mac Volume Notifications"="C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.exe" [2002-12-17 15:43 61440] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "bmlvqkn"= {2CF249E6-D9F6-431B-9842-9A98512229AD} - C:\WINDOWS\bmlvqkn.dll [2008-01-16 21:13 323584] "agrlmvp"= {80A07F58-9F30-4784-B3CA-4F58D4926769} - C:\WINDOWS\agrlmvp.dll [2008-01-16 21:13 229376] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\MacDrive-iTunes compatibility] C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2004-08-31 14:54] R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2004-09-13 19:08] R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 14:48] R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:29] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45] S3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-09-27 17:08] S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-10-03 15:06] S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-04 17:54] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS osrfec.sys [2005-09-09 13:47] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\Install.exe *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-18 20:20:00 C:\WINDOWS\Tasks\Check Updates for MSN Search Toolbar.job" - C:\Program Files\MSN Toolbar Suite\MSNTBUP.EXE "2008-01-04 19:08:05 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Julien.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-18 21:24:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156] -> C:\WINDOWS\bmlvqkn.dll . Completion time: 2008-01-18 21:24:52 ComboFix-quarantined-files.txt 2008-01-18 20:24:49 . 2008-01-09 02:02:25 --- E O F ---

g!rly · Answer

re,

Copie le texte ci-dessous :

File::
C:\WINDOWS\bmlvqkn.dll
C:\WINDOWS\agrlmvp.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"bmlvqkn"=-
"agrlmvp"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@´+

juliano2007 · Answer

Il n'y a pas eu de redemarrage ComboFix 08-01-18.1 - Julien 2008-01-19 1:58:04.4 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.409 [GMT 1:00] Running from: C:\Documents and Settings\Julien\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Julien\Mes documents\CFScript.txt..txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE C:\WINDOWS\agrlmvp.dll C:\WINDOWS\bmlvqkn.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\agrlmvp.dll C:\WINDOWS\bmlvqkn.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))))))) . 2008-01-18 21:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-17 20:03 . 2008-01-17 20:05 d-------- C:\Documents and Settings\Julien\SmitfraudFix 2008-01-17 18:43 . 2008-01-17 20:23 4,834 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-17 18:42 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-01-17 18:42 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-01-17 18:42 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-01-17 18:42 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-01-17 18:42 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-01-17 18:42 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-01-17 18:35 . 2008-01-17 18:35 668 --a------ C:\Documents and Settings\Julien\Application Data\waver_2.95.dat 2008-01-17 18:29 . 2008-01-17 18:29 d-------- C:\Program Files\Flop 2008-01-17 18:29 . 2008-01-17 18:29 4 --a------ C:\WINDOWS\system32\qwolt.pdg 2008-01-17 17:25 . 2008-01-17 17:25 d-------- C:\Program Files\Trend Micro 2008-01-17 01:39 . 2008-01-16 21:13 81,920 --a------ C:\WINDOWS\fxtqdrl.exe 2008-01-07 23:22 . 2008-01-07 23:22 d-------- C:\Program Files\Fichiers communs\Mediafour 2008-01-07 23:21 . 2008-01-07 23:22 d-------- C:\Program Files\Mediafour 2008-01-02 09:47 . 2008-01-02 09:47 d-------- C:\Documents and Settings\Julien\Application Data\Steinberg 2008-01-02 09:44 . 2000-12-05 15:57 286,720 --a------ C:\WINDOWS\system32\Mp3com.dll 2008-01-02 09:44 . 2001-05-31 11:53 36,864 --a------ C:\WINDOWS\system32\Mros432.dll 2008-01-02 09:44 . 2001-08-07 14:03 36,864 --a------ C:\WINDOWS\system32\audioencoderenum.dll 2008-01-02 09:43 . 2000-04-27 12:31 19,456 --a------ C:\WINDOWS\system32\asapi.dll 2008-01-02 09:43 . 2000-05-12 14:48 8,768 --a------ C:\WINDOWS\system32\drivers\asapi.sys 2008-01-02 09:42 . 2008-01-02 09:44 d-------- C:\Program Files\Steinberg 2007-12-29 00:17 . 2007-12-29 00:17 d-------- C:\Documents and Settings\Julien\Application Data\InterVideo 2007-12-28 18:43 . 2007-12-28 18:43 d-------- C:\Program Files\Happyneuron 2007-12-28 18:24 . 2007-12-28 18:24 d-------- C:\Program Files\JoWood 2007-12-28 16:08 . 2007-12-28 16:08 d-------- C:\Program Files\EA GAMES 2007-12-28 15:58 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll 2007-12-25 17:35 . 2008-01-02 10:49 138 --a------ C:\WINDOWS\cdplayer.ini 2007-12-24 02:11 . 2007-12-24 02:11 d-------- C:\Program Files\IVCsoft 2007-12-24 01:41 . 2007-12-24 01:46 d-------- C:\Documents and Settings\Julien\dwhelper . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-17 06:59 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-12-28 17:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-18 18:35 --------- d-----w C:\Program Files\Real 2007-12-18 18:35 --------- d-----w C:\Program Files\Fichiers communs\xing shared 2007-12-18 18:35 --------- d-----w C:\Program Files\Fichiers communs\Real 2007-12-16 21:37 --------- d-----w C:\Program Files\AV MP3 Player-Morpher 2007-12-13 07:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-12-10 17:26 --------- d-----w C:\Program Files\VIDAL 2007-12-06 06:33 --------- d-----w C:\Program Files\Norton Internet Security 2007-12-04 16:54 --------- d-----w C:\Program Files\Google 2007-12-01 16:02 --------- d-----w C:\Program Files\Investintech.com Inc 2007-12-01 09:29 --------- d-----w C:\Program Files\Windows Live 2007-12-01 09:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2007-11-30 13:15 --------- d-----w C:\Documents and Settings\Julien\Application Data\HPAppData 2007-11-27 10:58 --------- d-----w C:\Documents and Settings\Julien\Application Data\HP 2007-11-27 10:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG 2007-11-27 10:28 --------- d-----w C:\Program Files\HP 2007-11-27 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY 2007-11-27 10:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP 2007-11-27 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2007-11-27 10:24 --------- d-----w C:\Program Files\Hewlett-Packard 2007-11-27 10:24 --------- d-----w C:\Program Files\Fichiers communs\HP 2007-11-27 10:23 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard 2007-11-27 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2007-11-26 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2007-11-26 20:34 --------- d-----w C:\Documents and Settings\Julien\Application Data\vlc 2007-11-26 20:20 --------- d-----w C:\Program Files\VideoLAN 2007-11-25 19:41 --------- d-----w C:\Program Files\Hercules 2007-11-25 19:41 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2007-11-25 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield 2007-11-25 19:33 --------- d-----w C:\Documents and Settings\Julien\Application Data\InstallShield 2007-11-25 14:31 --------- d-----w C:\Program Files\eMule 2007-11-24 14:40 --------- d-----w C:\Documents and Settings\Julien\Application Data\Sony Corporation 2007-11-23 02:12 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 2007-11-23 02:03 --------- d-----w C:\Program Files\MSXML 4.0 2007-11-22 16:51 --------- d-----w C:\Program Files\Sony 2007-11-22 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation 2007-11-22 16:50 --------- d-----w C:\Program Files\Fichiers communs\Sony Shared 2007-11-22 11:23 --------- d-----w C:\Program Files\Winamp 2007-11-22 11:22 --------- d-----w C:\Program Files\Sonic 2007-11-22 11:22 --------- d-----w C:\Program Files\Audacity 2007-11-22 04:11 --------- d-----w C:\Documents and Settings\Julien\Application Data\Winamp 2007-11-22 02:49 --------- d-----w C:\Program Files\Fichiers communs\NSV 2007-11-22 01:16 --------- d-----w C:\Program Files\X10 Hardware 2007-11-22 01:16 --------- d-----w C:\Program Files\Windows Plus 2007-11-22 01:16 --------- d-----w C:\Program Files\Windows Desktop Search 2007-11-22 01:16 --------- d-----w C:\Program Files\Toshiba 2007-11-22 01:14 --------- d---a-w C:\Program Files\Offre Wanadoo 2007-11-22 01:14 --------- d-----w C:\Program Files\Synaptics 2007-11-22 01:14 --------- d-----w C:\Program Files\Symantec 2007-11-22 01:14 --------- d-----w C:\Program Files\Services en ligne 2007-11-22 01:14 --------- d-----w C:\Program Files\Realtek 2007-11-22 01:13 --------- d-----w C:\Program Files\MSN Toolbar Suite 2007-11-22 01:13 --------- d-----w C:\Program Files\Microsoft.NET 2007-11-22 01:13 --------- d-----w C:\Program Files\microsoft frontpage 2007-11-22 01:13 --------- d-----w C:\Program Files\ltmoh 2007-11-22 01:12 --------- d-----w C:\Program Files\InterVideo 2007-11-22 01:11 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines 2007-11-22 01:11 --------- d-----w C:\Program Files\Fichiers communs\ODBC 2007-11-22 01:11 --------- d-----w C:\Program Files\Fichiers communs\MSSoap 2007-11-22 01:10 --------- d-----w C:\Program Files\Fichiers communs\Java 2007-11-22 01:10 --------- d-----w C:\Program Files\Fichiers communs\InterVideo 2007-11-22 01:10 --------- d-----w C:\Program Files\Common Files 2007-11-22 01:03 --------- d-----w C:\Documents and Settings\LocalService\Application Data\X10 Commander 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data\Windows Desktop Search 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data\toshiba 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data\Symantec 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Julien\Application Data\Sonic 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\toshiba 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec 2007-11-22 00:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sonic 2007-11-21 21:43 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-11-21 21:43 --------- d-----w C:\Documents and Settings\Julien\Application Data\InterTrust 2007-11-21 21:00 --------- d-----w C:\Documents and Settings\Julien\Application Data\AdobeUM 2007-11-21 20:19 --------- d-----w C:\Program Files\Microsoft Works 2007-11-21 18:24 --------- d-----w C:\Documents and Settings\Julien\Application Data\Windows Live Writer 2007-11-21 18:08 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2007-11-21 18:02 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2007-11-21 17:46 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2007-11-21 17:46 --------- d-----w C:\Program Files\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\Julien\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel 2007-11-21 17:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Intel 2007-11-21 17:45 0 --sha-r C:\WINDOWS\system32\drivers\TOSHIBA_Satellite A100_04548-FR_PSAA9E-14W03.MRK 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-24 16:58 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR . ((((((((((((((((((((((((((((( snapshot@2008-01-18_21.24.30.59 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-17 19:57:00 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-19 00:57:31 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-17 19:57:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-19 00:57:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-17 19:57:00 4,100,096 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT + 2008-01-19 00:57:32 4,100,096 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT - 2008-01-17 19:57:01 249,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-19 00:57:32 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat - 2008-01-17 19:57:01 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT + 2008-01-19 00:57:32 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT - 2008-01-17 19:57:01 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-19 00:57:32 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] 2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] 2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}] @=Mediafour Mac Volume Icons [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08 65536] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34 64512] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 21:04 7557120] "nwiz"="nwiz.exe" [2006-05-01 21:04 1519616 C:\WINDOWS\system32\nwiz.exe] "NVRotateSysTray"="C:\WINDOWS\system32\nvsysrot.dll" [2006-05-01 21:04 49152] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 00:02 761948] "RTHDCPL"="RTHDCPL.EXE" [2006-05-05 14:59 16206848 C:\WINDOWS\RTHDCPL.exe] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-18 11:37 184320] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 15:50 88204 C:\WINDOWS\agrsmmsg.exe] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 12:47 356352] "TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe] "NDSTray.exe"="NDSTray.exe" [] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 12:11 73728] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24 118784] "TFncKy"="TFncKy.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 04:20 122940] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-16 23:27 52848] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 00:38 802816] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 00:32 696320] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352] "HerculesCamService"="C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe" [2006-10-13 10:05 106496] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152] "CFSServ.exe"="CFSServ.exe" [] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-04 17:54 1840128] "vdlDeamon"="C:\Program Files\Vidal\Communs\Vidal.exe" [2004-12-29 18:49 1055744] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-18 19:35 185632] "MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2004-09-13 16:56 94208] "MediafourGettingStartedWithMacDrive6"="C:\Program Files\Mediafour\MacDrive\MacDrive.exe" [2004-08-26 13:12 86016] "Mediafour Mac Volume Notifications"="C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.exe" [2002-12-17 15:43 61440] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2006-03-26 21:44:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 12:11 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MacDrive-iTunes compatibility] C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll 2003-11-07 10:24 61440 C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2004-08-31 14:54] R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2004-09-13 19:08] R2 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-05-12 14:48] R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:29] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45] S3 APL531;Hercules Dualpix HD Webcam;C:\WINDOWS\system32\Drivers\HDvid.sys [2006-09-27 17:08] S3 camfilt;camfilt;C:\WINDOWS\system32\Drivers\camfilt.sys [2006-10-03 15:06] S3 GoogleDesktopManager-091907-194040;Google Desktop Manager 5.1.709.19590;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-04 17:54] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 13:47] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\Install.exe *Newly Created Service* - COMHOST . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-18 20:20:00 C:\WINDOWS\Tasks\Check Updates for MSN Search Toolbar.job" - C:\Program Files\MSN Toolbar Suite\MSNTBUP.EXE "2008-01-04 19:08:05 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Julien.job" - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK: . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-19 01:59:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-19 1:59:53 ComboFix-quarantined-files.txt 2008-01-19 00:59:51 ComboFix2.txt 2008-01-18 20:24:53 . 2008-01-09 02:02:25 --- E O F ---

juliano2007 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Vidal\Communs\Vidal.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxybiblio.hec.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32
vsysrot.dll,Enable
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [HerculesCamService] C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [vdlDeamon] C:\Program Files\Vidal\Communs\Vidal.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE" /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/229?2237dd14d4c04700b56d3597d73310a8
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\fr-fr\msntabres.dll.mui/230?2237dd14d4c04700b56d3597d73310a8
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Fichiers communs\Mediafour\MacDriveiTunesPatch.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.1.709.19590 (GoogleDesktopManager-091907-194040) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

g!rly · Answer

salut juliano2007,

ca a l´air d´aller mieux, non?

tu surf avec internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0 

et pourquoi ne pas surfer avec firefox? = plus sur,  tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.firefox.fr/ 

ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou foxit plus léger :

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

appuie simultanement sur la touche windows a droit de la barre d´espace (drapeau windows) et sur "e" ->une fois dans le post de travail click sur le disk c > program files >java ouvre le fichier java et click sur le fichier jre1.5.0_06 pour l´ouvrir puis ouvre le fichier bin et dedans tu recherche ceci : jucheck.exe tu double click dessus et effectue la mise a jour de java> tu veux la version 1.6.0_03
une fois la mise a jour effectuée tu va dans ajoute/suppression de program et tu supprime toutes les autres update de java, il ne doit te rester que celle que tu viens de faire : 1.6.0_03 

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

puis fais ce scan a l´aide d´avg antispyware et post le resultat ici stp :

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

@+

juliano2007 · Answer

Salut Girly,

Merci infiniement pour ton efficacité et ta rapidité d'action.
L'ordi marche bp mieux ( a part le fond d'ecran qui reste bleu bizarrement). Voici mon rapport AVG

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	20:46 2008-01-20

 + Résultat de l'analyse:	



:mozilla.144:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.145:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.405:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.407:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.66:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.67:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.68:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.69:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.103:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.6:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.7:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.9:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@advertising[1].txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.265:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.101:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.421:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.166:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.306:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.307:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.309:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.310:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.311:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.313:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Euroclick : Aucune action entreprise.
:mozilla.219:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.220:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.221:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.222:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@ehg-myspaceinc.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.174:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.175:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.333:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.78:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@real[2].txt -> TrackingCookie.Real : Aucune action entreprise.
:mozilla.317:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.318:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.319:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.320:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.321:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.322:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.323:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.398:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.399:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.82:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.83:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.84:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.85:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.94:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.95:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.96:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.167:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.168:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.169:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.170:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.171:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.125:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.126:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.338:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.25:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.27:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.28:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.29:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.30:C:\Documents and Settings\Julien\Application Data\Mozilla\Firefox\Profiles\gbwfkfvm.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\Documents and Settings\Julien\Cookies\julien@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport

Amiclement 


Juliano2007

g!rly · Answer

bonjour,

peux tu refaire smitfraud fix option 1 pour voir stp

post le rapport ici 

@+

juliano2007 · Answer

Bonjour Girly,

Voici le nouveau rapport Smitfraud fix option 1

SmitFraudFix v2.274

Rapport fait à  8:44:00.62, 2008-01-23
Executé à partir de C:\Documents and Settings\Julien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Toshiba Applet	hotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hercules\Hercules DualPix HD Webcam\CamService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Vidal\Communs\Vidal.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD	oscdspd.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Julien\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Julien\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7E8B454F-541C-4E4C-BB17-6FC4B1A8EC91}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7E8B454F-541C-4E4C-BB17-6FC4B1A8EC91}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7E8B454F-541C-4E4C-BB17-6FC4B1A8EC91}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Merci 


Juliano2007

g!rly · Answer

salut juliano2007,

ok pour smitfraudfix.

toujours ton fond d´ecran bleu?

@+

dr-sniper · Answer

VOICI MON RAPORT SVP AID MOI

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:26, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32	askmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SXG Advisor - {846034C7-4A99-4334-B701-A09EA3164949} - C:\WINDOWS\dpvtpormqv.dll
O3 - Toolbar: The elfwgps - {7BEF19B0-E219-418B-916B-836635B35328} - C:\WINDOWS\elfwgps.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: bqxomdo - {13B031CD-6191-4A18-80B3-960E61A7A81B} - C:\WINDOWS\bqxomdo.dll
O21 - SSODL: aswmklt - {C01849C5-84B5-478B-AFC2-C7ED7C4F71A4} - C:\WINDOWS\aswmklt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

g!rly · Answer

dr-sniper,

C´est le topik a juliano ici,  alors :

Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt ''

Virus de type Worm win32.netsky

22 réponses

Discussions similaires

Newsletters