Undetectable virus or some other problem??? [Solved] - Virus / Security Forum


Hello,
I recently had a virus (Vundo) that I removed; however, my web browsing is still very slow (I tried on another PC, and the speed is normal).
Where could the problem be coming from, since my antivirus and the online antivirus scanners no longer detect any virus? I don't know what else to do!!!

I ran a scan with HJTInstall.
Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:26:02, on 05/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartorrent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9DDAB3DB-55DC-4333-B3B9-7B6F80F0FDFE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: {230e3640-0105-105b-ecf4-7114a58cc4fd} - {df4cc85a-4117-4fce-b501-50100463e032} - (no file)
O2 - BHO: (no name) - {F4EC8660-73BB-420B-81E2-8535083E97CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


14 replies

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

hi hercules03,

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then

Copy the text below:

DirLook::
C:\Temp
C:\WINDOWS\system32\bak
C:\WINDOWS\system32\ini

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Be patient while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report.

@+

replies:
  • hercules03

    Here is the report:

    ComboFix 08-03-04.5 - PC FIXE 2008-03-05 6:43:13.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.618 [GMT 1:00]
    Endroit: C:\Documents and Settings\PC FIXE\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\PC FIXE\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BM174fdaf3.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system\hipsrv.mm

    .
    --------------- FMove ---------------

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\hipsrv


    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-05 to 2008-03-05 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-05 03:25 . 2008-03-05 03:25 <REP> d-------- C:\Program Files\Trend Micro
    2008-03-03 08:43 . 2008-03-03 08:41 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-03-03 08:43 . 2008-03-03 08:43 2,549 --a------ C:\WINDOWS\unins000.dat
    2008-03-03 08:33 . 2008-03-04 23:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-03-03 08:33 . 2008-03-04 23:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-03 08:04 . 2008-03-03 08:04 0 --a------ C:\WINDOWS\nsreg.dat
    2008-03-03 08:03 . 2008-03-03 08:15 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
    2008-03-01 00:59 . 2008-03-01 00:59 <REP> d-------- C:\Program Files\CCleaner
    2008-02-29 09:02 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
    2008-02-29 08:42 . 2008-02-29 08:46 <REP> d-------- C:\Program Files\Navilog1
    2008-02-29 08:29 . 2008-02-06 01:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-02-29 08:29 . 2008-02-06 01:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-02-29 08:29 . 2008-02-06 01:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-02-29 08:29 . 2008-02-06 01:56 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-02-29 08:29 . 2008-02-06 01:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-02-29 08:29 . 2008-02-06 01:56 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-02-29 08:29 . 2008-02-06 01:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-02-29 08:04 . 2008-02-29 08:04 <REP> d-------- C:\Program Files\Uniblue
    2008-02-29 08:04 . 2008-02-29 08:04 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\Uniblue
    2008-02-29 07:07 . 2008-02-29 07:07 <REP> d-------- C:\Rustbfix
    2008-02-29 05:20 . 2008-02-29 05:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-28 22:27 . 2008-02-28 22:27 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\Leadertech
    2008-02-28 08:18 . 2008-02-28 17:11 <REP> d-------- C:\VundoFix Backups
    2008-02-28 02:25 . 2008-02-28 02:25 <REP> d-------- C:\Program Files\EA GAMES
    2008-02-28 02:25 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
    2008-02-26 04:15 . 2008-02-26 04:15 <REP> d-------- C:\Program Files\SuperCopier2
    2008-02-25 01:58 . 2008-02-25 01:58 <REP> d-------- C:\Program Files\Intel
    2008-02-25 01:54 . 2008-02-25 01:54 <REP> d-------- C:\Program Files\Intel Desktop Board
    2008-02-23 16:50 . 2008-02-23 16:50 <REP> d-------- C:\WINDOWS\Sun
    2008-02-22 07:57 . 2005-01-29 09:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
    2008-02-22 07:57 . 2004-10-15 10:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
    2008-02-22 07:56 . 2008-02-22 07:57 <REP> d-------- C:\Program Files\ASUS
    2008-02-22 07:56 . 2008-02-22 07:56 606,848 --a------ C:\WINDOWS\flashax.exe
    2008-02-22 07:56 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2008-02-22 07:56 . 2008-02-22 07:56 12,288 --a------ C:\WINDOWS\impborl.dll
    2008-02-22 07:55 . 2008-02-25 01:40 26,059 --a------ C:\WINDOWS\Ascd_tmp.ini
    2008-02-19 07:59 . 2008-02-19 07:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-02-19 07:07 . 2008-02-19 07:07 <REP> d-------- C:\Program Files\SAGEM
    2008-02-19 06:56 . 2008-02-19 06:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prism
    2008-02-19 06:07 . 2008-02-19 06:07 268 --ah----- C:\sqmdata03.sqm
    2008-02-19 06:07 . 2008-02-19 06:07 244 --ah----- C:\sqmnoopt03.sqm
    2008-02-19 06:02 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
    2008-02-17 06:33 . 2008-03-03 07:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-17 03:51 . 2008-03-04 16:42 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-02-16 22:32 . 2008-03-01 06:55 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-02-15 06:32 . 2008-02-15 06:32 268 --ah----- C:\sqmdata02.sqm
    2008-02-15 06:32 . 2008-02-15 06:32 244 --ah----- C:\sqmnoopt02.sqm
    2008-02-15 06:30 . 2008-02-15 06:30 268 --ah----- C:\sqmdata01.sqm
    2008-02-15 06:30 . 2008-02-15 06:30 244 --ah----- C:\sqmnoopt01.sqm
    2008-02-15 03:50 . 2008-02-28 00:00 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\AdobeUM
    2008-02-14 16:53 . 2008-02-14 16:53 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-02-14 16:53 . 2008-02-14 16:53 <REP> d-------- C:\Program Files\Ahead
    2008-02-14 16:53 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-02-14 16:53 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-02-14 16:53 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-02-14 16:53 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-02-14 16:53 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-02-14 16:53 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-02-14 16:53 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-02-14 16:53 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-02-13 00:27 . 2008-02-13 00:27 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\vlc
    2008-02-13 00:26 . 2008-02-13 00:26 <REP> d-------- C:\Program Files\VideoLAN
    2008-02-12 22:39 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
    2008-02-12 22:39 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2008-02-12 22:39 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2008-02-12 22:39 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2008-02-12 22:39 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2008-02-12 22:39 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
    2008-02-12 22:39 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
    2008-02-12 22:39 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2008-02-12 22:39 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-02-12 22:38 . 2008-02-12 22:39 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-12 20:41 . 2008-03-03 02:58 16,574 --a------ C:\WINDOWS\EPISMF00.SWB
    2008-02-12 00:36 . 2008-02-12 00:37 <REP> d-------- C:\WINDOWS\_ISTMP2.DIR
    2008-02-12 00:36 . 2008-02-12 00:37 <REP> d-------- C:\WINDOWS\_ISTMP1.DIR
    2008-02-12 00:36 . 2008-02-23 04:06 <REP> d-------- C:\_ISTMP1.DIR
    2008-02-11 06:40 . 2008-02-11 06:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
    2008-02-09 06:52 . 2008-02-09 06:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2008-02-09 06:46 . 2008-02-09 06:46 268 --ah----- C:\sqmdata00.sqm
    2008-02-09 06:46 . 2008-02-09 06:46 244 --ah----- C:\sqmnoopt00.sqm
    2008-02-08 15:32 . 2004-11-25 06:07 79,679 --a------ C:\WINDOWS\system32\E_FLMADE.DLL
    2008-02-08 15:32 . 2003-05-21 03:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBADE.DLL
    2008-02-08 15:32 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
    2008-02-08 15:32 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHADE.DLL
    2008-02-08 15:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-02-08 15:32 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-02-08 15:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-02-08 15:32 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-02-08 15:31 . 2008-02-08 15:33 <REP> d-------- C:\Program Files\epson
    2008-02-08 15:31 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
    2008-02-08 15:31 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
    2008-02-08 15:31 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
    2008-02-08 00:21 . 2008-02-08 00:21 <REP> d-------- C:\Program Files\Ubisoft
    2008-02-08 00:20 . 2008-02-08 00:20 <REP> d-------- C:\WINDOWS\Cache
    2008-02-08 00:10 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
    2008-02-08 00:10 . 2003-11-04 13:30 49,152 --a------ C:\WINDOWS\Iniexpander.exe
    2008-02-08 00:10 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
    2008-02-08 00:10 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
    2008-02-08 00:03 . 2008-02-08 00:03 <REP> d-------- C:\WINDOWS\system32\Adobe
    2008-02-08 00:03 . 2008-02-08 00:03 <REP> d-------- C:\WINDOWS\Profiles

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-06 01:47 294,912 ----a-w C:\WINDOWS\HideWin.exe
    2008-02-06 00:19 --------- d-----w C:\Program Files\microsoft frontpage
    2008-02-06 00:18 --------- d-----w C:\Program Files\Services en ligne
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Temp ----

    C:\Temp\

    ---- Directory of C:\WINDOWS\system32\bak ----

    C:\WINDOWS\system32\bak\

    ---- Directory of C:\WINDOWS\system32\ini ----

    C:\WINDOWS\system32\ini\


    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DDAB3DB-55DC-4333-B3B9-7B6F80F0FDFE}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df4cc85a-4117-4fce-b501-50100463e032}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4EC8660-73BB-420B-81E2-8535083E97CA}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-10 07:24 68856]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-06 03:42 249896]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
    "SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
    "SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 16:37 14477312 C:\WINDOWS\RTHDCPL.EXE]
    "nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
    "EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 05:00 98304]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Azureus\\Azureus.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    S2 riode32;riode32;C:\WINDOWS\system32\drivers\riode32.sys []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-05 06:45:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-05 6:47:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-05 05:47:07
    ComboFix2.txt 2008-02-29 06:13:23
    .
    2008-03-01 02:03:30 --- E O F ---

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

good evening hercules 03,

let's continue:

Copy the text below:

File::
C:\WINDOWS\nsreg.dat
C:\WINDOWS\impborl.dll
C:\WINDOWS\flashax.exe
C:\WINDOWS\IsUninst.exe
C:\WINDOWS\Ascd_tmp.ini
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm
C:\WINDOWS\system32\drivers\riode32.sys

Folder::
C:\Rustbfix
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DDAB3DB-55DC-4333-B3B9-7B6F80F0FDFE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df4cc85a-4117-4fce-b501-50100463e032}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4EC8660-73BB-420B-81E2-8535083E97CA}]

driver::
riode32

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Be patient while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the restart, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no restart, post the reports anyway.

@+


Marsh

NOVEMBER 9, 2013 AT 9:15 PM

Thanks G!rly

ComboFix report

ComboFix 08-03-04.5 - PC FIXE 2008-03-06 16:32:13.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.585 [GMT 1:00]
Endroit: C:\Documents and Settings\PC FIXE\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\PC FIXE\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\WINDOWS\Ascd_tmp.ini
C:\WINDOWS\flashax.exe
C:\WINDOWS\impborl.dll
C:\WINDOWS\IsUninst.exe
C:\WINDOWS\nsreg.dat
C:\WINDOWS\system32\drivers\riode32.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Rustbfix
C:\Rustbfix\1run.bat
C:\Rustbfix\2run.bat
C:\Rustbfix\avenger.exe
C:\Rustbfix\chkrustb.bat
C:\Rustbfix\LS.exe
C:\Rustbfix\pelog.txt
C:\Rustbfix\SF.exe
C:\Rustbfix\streamtools.zip
C:\Rustbfix\swreg.exe
C:\Rustbfix\tmp1.txt
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\khfdcya.dll.bad
C:\WINDOWS\Ascd_tmp.ini
C:\WINDOWS\flashax.exe
C:\WINDOWS\impborl.dll
C:\WINDOWS\IsUninst.exe
C:\WINDOWS\nsreg.dat

.
--------------- FMove ---------------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\riode32


((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
.

2008-03-05 07:04 . 2008-03-05 07:04 <REP> d-------- C:\Program Files\Panda Security
2008-03-05 03:25 . 2008-03-05 03:25 <REP> d-------- C:\Program Files\Trend Micro
2008-03-03 08:43 . 2008-03-03 08:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-03 08:43 . 2008-03-03 08:43 2,549 --a------ C:\WINDOWS\unins000.dat
2008-03-03 08:33 . 2008-03-04 23:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-03 08:33 . 2008-03-04 23:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-03 08:03 . 2008-03-03 08:15 <REP> d-------- C:\Program Files\Mozilla Firefox 3 Beta 3
2008-03-01 00:59 . 2008-03-01 00:59 <REP> d-------- C:\Program Files\CCleaner
2008-02-29 09:02 . 2007-06-28 14:36 401,720 --a------ C:\HijackThis.exe
2008-02-29 08:29 . 2008-02-06 01:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-29 08:29 . 2008-02-06 01:56 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-29 08:29 . 2008-02-06 01:16 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-29 08:29 . 2008-02-06 01:56 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-29 08:29 . 2008-02-06 01:56 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-29 08:29 . 2008-02-06 01:56 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-29 08:29 . 2008-02-06 01:56 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-29 08:04 . 2008-02-29 08:04 <REP> d-------- C:\Program Files\Uniblue
2008-02-29 08:04 . 2008-02-29 08:04 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\Uniblue
2008-02-29 05:20 . 2008-02-29 05:20 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-28 22:27 . 2008-02-28 22:27 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\Leadertech
2008-02-28 02:25 . 2008-02-28 02:25 <REP> d-------- C:\Program Files\EA GAMES
2008-02-28 02:25 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-02-26 04:15 . 2008-02-26 04:15 <REP> d-------- C:\Program Files\SuperCopier2
2008-02-25 01:58 . 2008-02-25 01:58 <REP> d-------- C:\Program Files\Intel
2008-02-25 01:54 . 2008-02-25 01:54 <REP> d-------- C:\Program Files\Intel Desktop Board
2008-02-23 16:50 . 2008-02-23 16:50 <REP> d-------- C:\WINDOWS\Sun
2008-02-22 07:57 . 2005-01-29 09:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-02-22 07:57 . 2004-10-15 10:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-02-22 07:56 . 2008-02-22 07:57 <REP> d-------- C:\Program Files\ASUS
2008-02-19 07:59 . 2008-02-19 07:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-19 07:07 . 2008-02-19 07:07 <REP> d-------- C:\Program Files\SAGEM
2008-02-19 06:56 . 2008-02-19 06:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prism
2008-02-19 06:02 . 2005-06-17 10:26 114,688 --a------ C:\WINDOWS\system32\WLANUTL.dll
2008-02-17 06:33 . 2008-03-03 07:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 03:51 . 2008-03-06 04:41 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-16 22:32 . 2008-03-01 06:55 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-15 03:50 . 2008-02-28 00:00 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\AdobeUM
2008-02-14 16:53 . 2008-02-14 16:53 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2008-02-14 16:53 . 2008-02-14 16:53 <REP> d-------- C:\Program Files\Ahead
2008-02-14 16:53 . 2004-07-20 17:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-14 16:53 . 2004-07-20 17:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-14 16:53 . 2004-07-20 17:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-14 16:53 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-14 16:53 . 2004-07-20 17:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-14 16:53 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-14 16:53 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-14 16:53 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-02-13 00:27 . 2008-02-13 00:27 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\vlc
2008-02-13 00:26 . 2008-02-13 00:26 <REP> d-------- C:\Program Files\VideoLAN
2008-02-12 22:39 . 2007-12-07 03:08 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-12 22:39 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-12 22:39 . 2007-07-01 04:36 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-12 22:39 . 2007-12-07 03:08 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-12 22:39 . 2007-12-07 03:08 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-12 22:39 . 2007-12-07 03:08 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-12 22:39 . 2007-12-07 03:08 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-12 22:39 . 2007-12-07 03:08 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-12 22:39 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-12 22:38 . 2008-02-12 22:39 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-12 20:41 . 2008-03-03 02:58 16,574 --a------ C:\WINDOWS\EPISMF00.SWB
2008-02-12 00:36 . 2008-02-12 00:37 <REP> d-------- C:\WINDOWS\_ISTMP2.DIR
2008-02-12 00:36 . 2008-02-12 00:37 <REP> d-------- C:\WINDOWS\_ISTMP1.DIR
2008-02-12 00:36 . 2008-02-23 04:06 <REP> d-------- C:\_ISTMP1.DIR
2008-02-11 06:40 . 2008-02-11 06:40 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-02-09 06:52 . 2008-02-09 06:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-02-08 15:32 . 2004-11-25 06:07 79,679 --a------ C:\WINDOWS\system32\E_FLMADE.DLL
2008-02-08 15:32 . 2003-05-21 03:27 64,000 --a------ C:\WINDOWS\system32\E_FBCBADE.DLL
2008-02-08 15:32 . 2004-09-10 21:12 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2008-02-08 15:32 . 2000-06-07 02:01 34,304 --a------ C:\WINDOWS\system32\E_FBCHADE.DLL
2008-02-08 15:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-08 15:32 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-02-08 15:32 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-08 15:32 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-08 15:31 . 2008-02-08 15:33 <REP> d-------- C:\Program Files\epson
2008-02-08 15:31 . 2005-02-25 00:00 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2008-02-08 15:31 . 2005-02-25 00:00 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2008-02-08 15:31 . 2005-02-25 00:00 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2008-02-08 00:21 . 2008-02-08 00:21 <REP> d-------- C:\Program Files\Ubisoft
2008-02-08 00:20 . 2008-02-08 00:20 <REP> d-------- C:\WINDOWS\Cache
2008-02-08 00:10 . 2004-02-13 11:59 30,456,330 --a------ C:\WINDOWS\RVS_1.0_1.54_FR.RTP
2008-02-08 00:10 . 2003-11-04 13:30 49,152 --a------ C:\WINDOWS\Iniexpander.exe
2008-02-08 00:10 . 2003-11-04 19:24 1,185 --a------ C:\WINDOWS\1.31.add
2008-02-08 00:10 . 2003-11-04 19:27 216 --a------ C:\WINDOWS\1.50.add
2008-02-08 00:03 . 2008-02-08 00:03 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-02-08 00:03 . 2008-02-08 00:03 <REP> d-------- C:\WINDOWS\Profiles
2008-02-08 00:03 . 2008-02-08 00:03 <REP> d-------- C:\Documents and Settings\PC FIXE\Application Data\InterTrust
2008-02-08 00:02 . 1998-11-13 11:16 308,224 --a------ C:\WINDOWS\IsUn040c.exe
2008-02-07 23:47 . 2006-06-01 19:09 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-02-07 23:42 . 2008-02-07 23:42 <REP> d-------- C:\Program Files\Ubi Soft
2008-02-07 23:42 . 2002-09-29 01:09 140,488 -ra------ C:\WINDOWS\system32\comdlg32.ocx
2008-02-07 23:42 . 2002-09-29 01:09 115,016 -ra------ C:\WINDOWS\system32\MSINET.OCX
2008-02-07 23:42 . 2002-09-29 01:09 89,360 -ra------ C:\WINDOWS\system32\VB5DB.DLL
2008-02-07 23:42 . 2002-09-29 01:09 69,632 -ra------ C:\WINDOWS\system32\xmltok.dll
2008-02-07 23:42 . 2002-09-29 01:09 36,864 -ra------ C:\WINDOWS\system32\xmlparse.dll
2008-02-07 23:42 . 2002-09-29 01:09 35,840 -ra------ C:\WINDOWS\system32\comdlg32.oca
2008-02-07 23:42 . 2002-09-29 01:09 29,184 -ra------ C:\WINDOWS\system32\MSINET.oca
2008-02-07 23:42 . 2002-12-23 17:54 26,096 -ra------ C:\WINDOWS\system32\xmlinst.exe
2008-02-07 23:42 . 2002-09-29 01:09 24,576 -ra------ C:\WINDOWS\system32\msxml3a.dll
2008-02-07 23:36 . 2008-02-08 00:11 <REP> d-------- C:\Program Files\Red Storm Entertainment
2008-02-07 07:14 . 2008-02-28 22:28 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 01:47 294,912 ----a-w C:\WINDOWS\HideWin.exe
2008-02-06 00:19 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-06 00:18 --------- d-----w C:\Program Files\Services en ligne
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DDAB3DB-55DC-4333-B3B9-7B6F80F0FDFE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{df4cc85a-4117-4fce-b501-50100463e032}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4EC8660-73BB-420B-81E2-8535083E97CA}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-10 07:24 68856]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-06 03:42 249896]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-25 16:37 14477312 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"EPSON Stylus DX4800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.exe" [2005-02-02 05:00 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 16:35:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-06 16:36:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 15:36:40
ComboFix2.txt 2008-03-05 05:47:11
ComboFix3.txt 2008-02-29 06:13:23
.
2008-03-01 02:03:30 --- E O F ---




HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:03, on 06/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartorrent.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Reply

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

Everything seems to be back in order.
Internet Explorer is displaying pages at normal speed again.
Where did the problem actually come from, so that I know what to do if it happens to me again?

Reply

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

Good evening hercules03,

A few trojans were removed, as well as a rootkit...

Next steps:

Using HijackThis, check and fix the following lines:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

Go to C:\WINDOWS\ and double-click bdoscandel.exe; this will remove the leftovers of the BitDefender scanner.

Click Start / Run, type sc stop FTRTSVC, then confirm with OK.

Start / Run, type sc delete FTRTSVC, then confirm with OK.

Your version of Acrobat Reader is out of date; you want version 8.1, the latest to date, so uninstall your version via Control Panel / Add or Remove Programs

and install the latest one:

http://www.adobe.com/fr/products/acrobat/readstep2.html

or uninstall Acrobat Reader completely and install Foxit, which is lighter, in its place:

http://www.clubic.com/telecharger-fiche13808-foxit-pdf-reader.html

Why not browse with Firefox? = safer, while keeping IE 7.0 for Windows updates, since those cannot be done under Firefox

http://www.firefox.fr/

Then install a firewall:

Firewall: Kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

http://www.vulgarisation-informatique.com/kerio.php

http://kerio.probb.fr/configurer-parametrer-sunbelt-personal-firewall-kerio-f2/

Comodo 3 Pro:

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

Online Armor:

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

Tutorial: http://forum.pcastuces.com/sujet.asp?f=25&s=35606

or ZoneAlarm, easier to configure but less effective

http://www.malekal.com/tutorial_zonealarm.php

Then look at this and configure AntiVir as follows:

Once AntiVir is open, click Configuration and check the "expert mode" box; then, on the Scanner tab, in the window below, you will see: rootkit search. Click the small + to expand it and check the box next to your hard disk.
Then click Configuration at the top right; in the new window, on the left > scanner > check "scan all files", and below > scanner priority = High
Check: allow stopping the scanner, so that you can pause during the scan if you wish.
Then on the right, check the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Uncheck:
ignore off line files
Still on the left > scan > expand > heuristic > macrovirus heuristic = checked, and below > win32 heuristic box checked and high detection level

I am telling you all this because I would like you to run a full scan of your machine with AntiVir using the settings given above, and post the generated report here, please.

See you

Reply

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

Hello G!rly,
here is the AntiVir report:



AntiVir PersonalEdition Classic
Report file date: vendredi 7 mars 2008 02:29

Scanning for 1136109 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC-FIXE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 02:42:54
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 06:59:48
ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 01:29:35
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 01/03/2008 07:00:05
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/02/2008 02:42:55
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 7 mars 2008 02:29

Starting search for hidden objects.
'34249' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was deleted!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-03-05_ 64540.23.zip
[0] Archive type: ZIP
--> hipsrv.mm
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system\hipsrv.mm.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{2920EFFC-486E-4AE5-8A1A-83935F481008}\RP73\A0022828.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.50
[INFO] The file was deleted!
C:\System Volume Information\_restore{2920EFFC-486E-4AE5-8A1A-83935F481008}\RP83\A0026404.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{2920EFFC-486E-4AE5-8A1A-83935F481008}\RP83\A0026405.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 7 mars 2008 04:07
Used time: 1:37:47 min

The scan has been done completely.

2996 Scanning directories
133459 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
7 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
133452 Files not concerned
772 Archives were scanned
2 Warnings
0 Notes
34249 Objects were scanned with rootkit scan
0 Hidden objects were found



Reply
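As an added example (not part of the thread or of any tool used in it), the Python sketch below parses the file-scan section of the AntiVir report above and groups each detection by where the file sat: the live file system, the C:\QooBox quarantine folder left by ComboFix, or a System Restore point. The report lines are copied from the post; the function names and location labels are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# File-scan section copied from the AntiVir report posted above.
REPORT_EXCERPT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was deleted!
C:\Program Files\Panda Security\TotalScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-03-05_ 64540.23.zip
[0] Archive type: ZIP
--> hipsrv.mm
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system\hipsrv.mm.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{2920EFFC-486E-4AE5-8A1A-83935F481008}\RP73\A0022828.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.50
[INFO] The file was deleted!
C:\System Volume Information\_restore{2920EFFC-486E-4AE5-8A1A-83935F481008}\RP83\A0026404.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{2920EFFC-486E-4AE5-8A1A-83935F481008}\RP83\A0026405.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")          # a line that starts a new file entry
RESTORE_POINT_RE = re.compile(r"\\(RP\d+)\\")  # restore-point folder, e.g. RP83


@dataclass
class Detection:
    path: str               # file the scanner opened
    member: Optional[str]   # archive member, when the hit was inside an archive
    name: str               # detection name as printed by the scanner
    action: str             # text of the [INFO] line that followed
    location: str           # label assigned by classify() (illustrative)


def classify(path: str) -> str:
    """Label a path by the store it belongs to (labels are illustrative)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if p.startswith("c:\\qoobox\\"):
        return "combofix_quarantine"
    return "live_filesystem"


def parse_report(text: str) -> Tuple[List[Detection], List[str]]:
    """Return (detections, files the scanner could not open)."""
    detections: List[Detection] = []
    unscanned: List[str] = []
    path: Optional[str] = None
    member: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, member = line, None
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[DETECTION]") and path:
            # The detection name is the last token of the message.
            detections.append(Detection(path, member, line.split()[-1],
                                        "none recorded", classify(path)))
        elif line.startswith("[INFO]") and detections and detections[-1].path == path:
            detections[-1].action = line[len("[INFO]"):].strip()
        elif line.startswith("[WARNING]") and path and "could not be opened" in line:
            unscanned.append(path)
    return detections, unscanned


def summarize(detections: List[Detection]) -> dict:
    """Count detections per location label."""
    counts: dict = {}
    for d in detections:
        counts[d.location] = counts.get(d.location, 0) + 1
    return counts


def restore_points(detections: List[Detection]) -> List[str]:
    """Sorted restore-point folders that held a detected file."""
    hits = {m.group(1) for d in detections
            if (m := RESTORE_POINT_RE.search(d.path))}
    return sorted(hits)


if __name__ == "__main__":
    dets, skipped = parse_report(REPORT_EXCERPT)
    print(summarize(dets), restore_points(dets), skipped)
```

The totals agree with the report's own summary (7 detections, 2 files that could not be scanned). Three of the seven hits sit inside restore points, the store that is emptied when System Restore is switched off.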

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

Hi hercules03,

Good,

Now do this:

Disable your System Restore:
To do so:
Right-click My Computer, then Properties in the menu;
in the new window, click the System Restore tab;
check the box to turn off System Restore and apply.
Then restart the PC and right-click My Computer, then Properties in the menu;
in the new window, click the System Restore tab;
uncheck the box to turn off System Restore and apply.

then

Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard disk (C:\).

See you

Reply

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

-->- Recherche:

C:\HijackThis.exe: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\PC FIXE\Recent\Navilog1.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
C:\QooBox\Quarantine\C\Rustbfix: trouvé !
C:\QooBox\Quarantine\C\Vundofix backups: trouvé !

---------------------------------
-->- Suppression:

C:\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\PC FIXE\Recent\Navilog1.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Reply

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

OK hercules03,

Our paths part here...

All the best to you ;-)

Bye

g!rly

Reply
replies:
  • hercules03

    thanks again for all your advice

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

You're welcome ;-)

Reply

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

Impossible to install any CD at all, I don't know, a database source that is missing .........VB5DB.DLL, security
Please help me

Reply

Marsh

NOVEMBER 9, 2013 AT 9:15 PM

I don't really understand what you mean?

Reply
