Computer infested by brontok-ce

Solved/Closed
Jul. - 1 Sept. 2008 at 16:42
Jul. - 3 Sept. 2008 at 08:14
Hello,

I have a PC infested by the brontok-ce worm virus. This PC is on a network with a server, with no Internet connection. I wanted to open a folder on a USB key, and it was in fact an exe, which made the PC restart. I immediately unplugged the network cable. Then, in a scan with avast at restart, it found infected Windows files and will not repair them. What should I do?
It is an XP machine with no firewall and no recent antivirus (no internet connection)


Thanks in advance

14 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 Sept. 2008 at 17:03
hi,

you will have to put the programs on a USB key and then scan your computer: download all the programs onto your key



1/ # Download RavAntivirus by Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB key, external hard drive, etc., plug them in without opening them before running this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is launched, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection > a log will be created; otherwise the program will display (very quickly) ==>Votre Ordinateur est sain .
# Remove your removable drives and restart your computer.
# Post the report if there is an infection!



2/
Download CleanX-II by sUBs (thanks mOe) here:

http://download.bleepingcomputer.com/sUBs/CleanX-II.exe

Disconnect your internet access. Cut all physical access (unplug the modem, ...).
Close all applications.
Disable then re-enable your System Restore.
Right-click CleanX-II.exe and "run as administrator" to start the repair (UAC disabled).
Click OK when you get a warning message.
At the end of the scan (which can take several minutes; be patient until it finishes), it will produce an error message (because the tool does not handle the copy for a French Windows). To work around this error, do this:
Start, Run and type %temp%\report.txt . Notepad will open the report.

If this report shows that infected files still remain (at the end of the report after "POST RUN ANALYSIS"), run the tool once more.
Open the report again with the method above and copy it into your reply. If infected files still remain, there is no point in running the tool again. The report needs to be examined.



3/ install the free antivirus

https://www.malekal.com/avira-free-security-antivirus-gratuit/

4/
paste a hijackthis report


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I advise renaming Hijackthis, to counter a possible Vundo infection.

e.g.: Rename the file HijackThis.exe to eden.exe; to do this, right-click the file HijackThis.exe and choose Rename in the list

Then with Explorer create a folder c:\hijackthis
Unzip Hijackthis into this folder.
This is important for the backups.
0
Thanks, I'll do the steps and keep you posted
0
Hello, so here are the results:

=> RavAntivirus, the PC and the keys are clean
=> CleanX-II, I ran it in my default session (on my domain name where I am admin); does that have any effect?
here is the report:

#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 02/09/08 Current time: 8:13:51,75

=== PRE RUN ANALYSIS ===================================

C:\WINDOWS\system32\Julien's Setting.scr

......................................

C:\Documents and Settings\Julien\Local Settings\Application Data\Bron.tok-17-1

...............

C:\Documents and Settings\Julien\Local Settings\Application Data\Bron.tok-17-1
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok
C:\Documents and Settings\Julien\Local Settings\Application Data\Ok-SendMail-Bron-tok


=== POST RUN ANALYSIS ==================================



NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
8:15:58,04

======================================================


=> Antivir, I installed it but did not update it because there is no internet connection on the machine

here is the report:



Avira AntiVir Personal
Report file date: mardi 2 septembre 2008 08:26

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Julien
Computer name: XP_JULIEN


Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 2 septembre 2008 08:26

The scan of running processes will be started
48 processes with 48 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'


End of the scan: mardi 2 septembre 2008 08:29
Used time: 03:15 Minute(s)

The scan has been done completely.

203 Scanning directories
7958 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
7958 Files not concerned
90 Archives were scanned
0 Warnings
0 Notes

=>hijackThis
I downloaded the exe directly and not the zip; does that have any effect? It is installed in prog files/TrendMicro, and it is renamed

here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:41, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Sept. 2008 at 09:23
download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) onto your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:


C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe


click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________
delete what is in moved files by going to My Computer, then C, then OTMoveIt

____________________

paste a CleanX-II and hijackthis report again and say whether there are still problems
0
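The triage step behind the reply above, as an added example that is not part of the original thread: a Python sketch that parses the `O4` registry autorun lines of a HijackThis log and labels each target by install location, so an entry started from a user profile stands out. The sample lines are excerpted from the log posted in this thread; the location categories, the function names and the review rule are assumptions of this example, not HijackThis features.

```python
import re
from collections import namedtuple

Autorun = namedtuple("Autorun", "hive key name target location")

# Registry autorun lines, e.g.:
#   O4 - HKCU\..\Run: [Name] "C:\path\app.exe" /args
# Startup-folder lines ("O4 - Global Startup: ...") use another layout and are skipped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')

# Executable path at the start of the command, quoted or not; unquoted paths may
# contain spaces, so the path ends at the first executable extension.
EXE_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|scr|com|pif|bat|cmd))(?=["\s]|$)', re.I)

# Location categories (assumption of this example). Order matters: first match wins.
LOCATIONS = [
    ("user-profile", re.compile(r'^[a-z]:\\(documents and settings|users)\\[^\\]+\\', re.I)),
    ("system", re.compile(r'^[a-z]:\\windows\\', re.I)),
    ("program-files", re.compile(r'^[a-z]:\\(program files|progra~\d)', re.I)),
]

# Excerpt of the O4 section of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""


def parse_autoruns(log_text):
    """Return one Autorun per registry O4 line found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        # Fall back to the raw command when no executable path is recognised.
        target = exe.group("path") if exe else m.group("cmd")
        location = next(
            (label for label, rx in LOCATIONS if rx.match(target)), "other")
        entries.append(Autorun(m.group("hive"), m.group("key"),
                               m.group("name"), target, location))
    return entries


def needs_review(entries):
    """Autoruns started from a user profile or from a non-standard directory."""
    return [e for e in entries if e.location in ("user-profile", "other")]


if __name__ == "__main__":
    for e in needs_review(parse_autoruns(SAMPLE_LOG)):
        print(f"{e.location:13} {e.hive}\\..\\{e.key} [{e.name}] -> {e.target}")
```

A `user-profile` or `other` hit is a lead to verify, not a verdict: per-user and vendor software can legitimately start from those locations too.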

OTMoveIt did not find it (in the meantime, antivir was running; could it have found it?), so I am posting the antivir result too

=> OTMOVEIT

File/Folder C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe not found.

=>Antivir

Avira AntiVir Personal
Report file date: mardi 2 septembre 2008 08:58

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Julien
Computer name: XP_JULIEN


Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 2 septembre 2008 08:58

The scan of running processes will be started
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Julien\Local Settings\Temp\bt2870.bat
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK lib.
[WARNING] Error in ARK lib
[NOTE] The file is scheduled for deleting after reboot.


End of the scan: mardi 2 septembre 2008 09:55
Used time: 56:14 Minute(s)

The scan has been canceled!

4263 Scanning directories
355541 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
355538 Files not concerned
7546 Archives were scanned
3 Warnings
1 Notes

=> Cleanx2

#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 02/09/08 Current time: 10:04:28,06

=== PRE RUN ANALYSIS ===================================


=== POST RUN ANALYSIS ==================================



NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
10:06:49,53

======================================================



=> HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:02, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Sept. 2008 at 10:32
Run HijackThis again: choose "Do a system scan only" and fix these lines (Fix checked)

O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"


_______________

Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:


C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe
C:\Documents and Settings\Julien\Local Settings\Temp\bt2870.bat

Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

____________________
Delete what is in MovedFiles by going to My Computer, then C:, then OTMoveIt



____________________




Any problems left???
0
So here are the results!!!
OTMoveIt did not find them, is that normal???
Report:
File/Folder C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe not found.
File/Folder C:\Documents and Settings\Julien\Local Settings\Temp\bt2870.bat not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09022008_124915

I did the procedure with HijackThis
and here is a new report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:26, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
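Added example, not part of the original thread: a small Python script that parses the O4 Run-key lines of two HijackThis logs, reports what changed between them, and flags autostart entries whose executable sits directly in a per-user Application Data or Temp directory. The sample lines are excerpts of the two logs posted above; the location rule is an assumed triage heuristic for illustration, not a Brontok signature.

```python
"""Compare the O4 Run-key entries of two HijackThis logs (added example)."""
import re
from typing import NamedTuple


class RunEntry(NamedTuple):
    hive: str     # HKLM, HKCU, or HKUS\<SID>
    key: str      # Run, RunOnce, ...
    name: str     # value name, shown in [brackets] in the log
    command: str  # command line exactly as logged


# Matches e.g.:  O4 - HKCU\..\Run: [Name] "C:\path\file.exe" /arg
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# Executable part of a command line: quoted path, or bare path up to the extension.
EXECUTABLE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)',
    re.IGNORECASE,
)
# Assumed heuristic: a file placed directly in the root of a Windows XP
# per-user data or temp directory (no vendor sub-folder).
USER_DATA_ROOT = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+\\"
    r"(?:local settings\\)?(?:application data|temp)\\[^\\]+$",
    re.IGNORECASE,
)


def parse_run_entries(log_text):
    """Return the set of registry Run-key entries (O4 lines) found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if match:  # other sections and "O4 - Global Startup" lines are skipped
            entries.add(RunEntry(*match.group("hive", "key", "name", "command")))
    return entries


def executable_path(command):
    """Strip quotes and arguments from a logged command line."""
    match = EXECUTABLE.match(command)
    if not match:
        return command
    return match.group("quoted") or match.group("bare")


def in_user_data_root(entry):
    """True when the entry's executable matches the heuristic above."""
    return USER_DATA_ROOT.match(executable_path(entry.command)) is not None


def compare_logs(before_text, after_text):
    """Diff two logs and list the entries worth a second look in each."""
    before = parse_run_entries(before_text)
    after = parse_run_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "flagged_before": sorted(e for e in before if in_user_data_root(e)),
        "flagged_after": sorted(e for e in after if in_user_data_root(e)),
    }


# Excerpt of the 10:09:02 log posted in this thread.
BEFORE_LOG = r"""
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Excerpt of the 12:51:26 log posted in this thread.
AFTER_LOG = r"""
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

if __name__ == "__main__":
    report = compare_logs(BEFORE_LOG, AFTER_LOG)
    for section, entries in report.items():
        print(f"{section}:")
        for entry in entries:
            print(f"  {entry.hive}\\..\\{entry.key} [{entry.name}] -> "
                  f"{executable_path(entry.command)}")
```

An empty `flagged_after` list only shows that the autostart value is gone from the registry; whether the file itself is still on disk is a separate check.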
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
2 Sept. 2008 at 13:35
I think it's fine
Check again with AntiVir; if nothing turns up, it's fine
0
OK, I have just run a final scan, nothing special apart from 2 warnings, I'm posting the report:



Avira AntiVir Personal
Report file date: mardi 2 septembre 2008 13:51

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Julien
Computer name: XP_JULIEN

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/08 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/08 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/08 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/08 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/08 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/07 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/08 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/08 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/08 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/08 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/08 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/08 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/08 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/08 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/08 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/08 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/08 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/08 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/08 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/08 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/08 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/08 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/08 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/08 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/08 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/08 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/08 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/08 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/08 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/08 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/08 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/08 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 2 septembre 2008 13:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HPTLBXFX.exe' - '1' Module(s) have been scanned
Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'StatusClient.exe' - '1' Module(s) have been scanned
Scan process 'UpdaterUI.exe' - '1' Module(s) have been scanned
Scan process 'shstat.exe' - '1' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'naPrdMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'VsTskMgr.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'FrameworkService.exe' - '1' Module(s) have been scanned
Scan process 'MantaManager.exe' - '1' Module(s) have been scanned
Scan process 'Manta.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: mardi 2 septembre 2008 15:15
Used time: 1:24:54 Hour(s)

The scan has been done completely.

7397 Scanning directories
556007 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
556005 Files not concerned
8708 Archives were scanned
2 Warnings
0 Notes


and a HijackThis report for good measure!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:11, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\WinDev 12\Programmes\WinDev12.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
jlpjlp, Posts: 51580, Registered: Friday 18 May 2007, Status: Security contributor, Last activity: 3 May 2022, 5 040
2 Sept. 2008 at 15:39
OK, that looks fine.

However, if you have McAfee and AntiVir, keep only one of them.


Good luck with the rest.
0
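The check behind the reply above (two resident antivirus products on the same machine) can be read straight from the O23 service lines of a HijackThis log. The following is an added example, not part of the original thread and not code from HijackThis; the path markers and function names are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
"""

# Assumption: illustrative install-path markers, not an exhaustive product list.
AV_PATH_MARKERS = {
    "avira": "Avira AntiVir",
    r"network associates\virusscan": "McAfee VirusScan",
}

def parse_o23(line):
    """Return (display_name, company, path) for an O23 service line, else None."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    # The display name may itself contain " - ", so split from the right.
    parts = line[len(prefix):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    return tuple(p.strip() for p in parts)

def resident_av_products(log_text):
    """Map each antivirus product to the service binaries registered for it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_o23(line.strip())
        if entry is None:
            continue
        path = entry[2]
        for marker, product in AV_PATH_MARKERS.items():
            if marker in path.lower():
                found[product].append(path)
    return dict(found)

def has_av_conflict(log_text):
    """True when services from more than one antivirus product are registered."""
    return len(resident_av_products(log_text)) > 1

if __name__ == "__main__":
    for product, paths in resident_av_products(SAMPLE_LOG).items():
        print(product, "->", paths)
    print("Conflict:", has_av_conflict(SAMPLE_LOG))
```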
OK, McAfee was an old demo version; I thought it had been uninstalled. I'll sort that out.

In any case, thanks for your help,


PS: is there a way to keep the virus database up to date on a PC that is not connected to the Internet (copying the database from a connected PC, for example)?
0
jlpjlp, Posts: 51580, Registered: Friday 18 May 2007, Status: Security contributor, Last activity: 3 May 2022, 5 040
2 Sept. 2008 at 16:22
You just need to download AntiVir regularly, transfer it onto a USB stick and replace it.


To download:
https://www.avira.com/en/downloads


Or else, free but less effective: ClamWin
http://fr.clamwin.com/
0
OK, thanks for the advice

and have a good rest of the day
0
Solved!!!
0