Se connecter / S'enregistrer
Votre question

plus de bureau ni barre des taches

Tags :
  • barre de tache
  • Sécurité
Dernière réponse : dans Sécurité et virus
12 Juin 2008 13:11:50

bonjour à tous!
Comme le dit le titre du sujet j'ai un problème avec mon ordinateur (celui de ma cousine plutôt), son bureau a disparu, il n'y a que l'image de fond le clic de droite de marche pas, le bureau semble inactif...
J'ai déjà vu d'autres messages du genre ou ça disait de taper c:\\windows\explorer.exe, je compte le faire pour essayer mais aussi de faire une une analyse hijackthis pour voir si l'ordinateur n'est pas infecté... je vais cet après-midi chez ma cousine et vers 2h30 je posterai le rapport d'erreur et l'évolution avec l'inscription de explorer.exe.
Sur ce, à toute pour ceux qui pourraient m'aider.
merci beaucoup d'avance.

Autres pages sur : bureau barre taches

12 Juin 2008 14:13:40

voici le rapport hijackthis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:17, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v1.42-delta.exe
c:\d28654a1ecfa5bc9300bfe\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Documents and Settings\jeremy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REV] c:\documents and settings\jeremy\mes documents\jeux\conter\steamapps\fafgremy\counter-strike\Revolution_Script.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] C:\Documents and Settings\jeremy\Mes documents\jeux\Steam.exe -silent
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9656 bytes
Contenus similaires
12 Juin 2008 17:00:12

Mais commet j'accède au panneau de configuration pour pouvoir désinstaller avast si je n'ai aps accès au bureau et au menu démarrer, je n'ai pas trouvé. Sinon je ne fais rien avec Hijackthis rien à checkfix?
a b 8 Sécurité
12 Juin 2008 18:03:59

Tu as regardé mon lien pour désinstaller ?
13 Juin 2008 11:47:29

ok j'ai installé antivir et maintenant je fais l'analyse, je poste le rapport ensuite !
a b 8 Sécurité
13 Juin 2008 12:06:47

Oki :) 
13 Juin 2008 13:26:26

voici le rapport de antivir :





Avira AntiVir Personal
Report file date: vendredi 13 juin 2008 11:53

Scanning for 1329971 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 09:46:57
ANTIVIR3.VDF : 7.0.4.189 361984 Bytes 13/06/2008 09:47:03
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 13/06/2008 09:47:42
AESCN.DLL : 8.1.0.21 119156 Bytes 13/06/2008 09:47:40
AERDL.DLL : 8.1.0.20 418165 Bytes 13/06/2008 09:47:39
AEPACK.DLL : 8.1.1.5 364918 Bytes 13/06/2008 09:47:34
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 13/06/2008 09:47:27
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 13/06/2008 09:47:24
AEHELP.DLL : 8.1.0.15 115063 Bytes 13/06/2008 09:47:14
AEGEN.DLL : 8.1.0.28 307572 Bytes 13/06/2008 09:47:13
AEEMU.DLL : 8.1.0.6 430451 Bytes 13/06/2008 09:47:09
AECORE.DLL : 8.1.0.31 168310 Bytes 13/06/2008 09:47:06
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 13 juin 2008 11:53

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'pctspk.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\jeremy\bnfijaob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\1\hbtwallpaper.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Application Data\HbTools\v3.0\HbTools\static\2\hbtwallpaper.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Local Settings\Temp\dllhost.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\jeremy\Mes documents\Nero Burning ROM 6.6.0.8\KeyGen\MultiKeyGen.exe
[DETECTION] Contains detection pattern of a probably damaged sample CC/00233
[NOTE] The file was deleted!
C:\Documents and Settings\mathieu\bnfijaob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\mathieu\Mes documents\youtube.com
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\utilisateur\bnfijaob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\utilisateur\Local Settings\Temporary Internet Files\Content.IE5\SXAZW5UB\trace[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was deleted!
C:\Program Files\eMule\Incoming\Nero Burning Rom 6.6.0.8 Multilang Incl Keygen.rar
[0] Archive type: RAR
--> Nero Burning ROM 6.6.0.8\KeyGen\MultiKeyGen.exe
[DETECTION] Contains detection pattern of a probably damaged sample CC/00233
[NOTE] The file was deleted!
C:\Program Files\HbTools\HBTV\uninstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.2
[NOTE] The file was deleted!
C:\Program Files\Montorgueil\archives-stars-nues\archives-stars-nues.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302366
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0368514.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0369514.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0369526.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP708\A0369533.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP709\A0369558.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP709\A0369571.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP710\A0369586.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP710\A0369607.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP710\A0369620.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0369669.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0369673.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0370659.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP711\A0370665.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP712\A0370668.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP712\A0370683.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP713\A0370709.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP714\A0370724.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP714\A0370740.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP715\A0370767.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP715\A0370788.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP716\A0370792.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP716\A0370823.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP717\A0370838.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP717\A0370849.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371850.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371859.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP718\A0371887.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP719\A0371920.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP719\A0372918.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP719\A0372925.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP720\A0372943.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP720\A0372959.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP721\A0372963.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP721\A0373001.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP722\A0373009.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP722\A0373025.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP722\A0373045.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP723\A0373076.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP723\A0373081.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP724\A0373099.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP724\A0373114.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP725\A0373132.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP726\A0373158.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP726\A0373172.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP727\A0373189.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP727\A0373197.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP728\A0373226.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP728\A0373240.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373258.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373291.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373294.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP729\A0373306.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP730\A0373329.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP730\A0373334.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP730\A0374329.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380532.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380533.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380534.exe
[DETECTION] Is the Trojan horse TR/Agent.154032
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380535.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380536.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380537.exe
[DETECTION] Contains detection pattern of the dropper DR/180Solutions.AY.2
[NOTE] The file was deleted!
C:\System Volume Information\_restore{9884EDDB-E8C7-4489-85EC-DDB9C4F6628E}\RP750\A0380538.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302366
[NOTE] The file was deleted!
C:\WINDOWS\Downloaded Program Files\AUTO_598_N.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.557
[NOTE] The file was deleted!
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AUTO_598_N.exe
[DETECTION] Is the Trojan horse TR/Dialer.HH.557
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd7533.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\vaxscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\NSIS_Install_WMP.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.bdo.1
[NOTE] The file was deleted!
C:\WINDOWS\Temp\MT\archives-stars-nues.exe
[DETECTION] Contains detection pattern of the dial-up program DIAL/302366
[WARNING] 'Contains detection pattern of the dial-up program DIAL/302366'. This detection is probably an error. Please send us this file immediately for further analysis.


End of the scan: vendredi 13 juin 2008 13:23
Used time: 1:29:28 min

The scan has been done completely.

8608 Scanning directories
353649 Files were scanned
79 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
78 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
6 Files cannot be scanned
353570 Files not concerned
2622 Archives were scanned
7 Warnings
78 Notes

a b 8 Sécurité
13 Juin 2008 15:35:19

Reposte un rapport Hijackthis.
13 Juin 2008 20:00:52

rapport Hijackthis :



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31:13, on 13/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\jeremy\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [REV] c:\documents and settings\jeremy\mes documents\jeux\conter\steamapps\fafgremy\counter-strike\Revolution_Script.exe
O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] C:\Documents and Settings\jeremy\Mes documents\jeux\Steam.exe -silent
O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.linkautomatici.com
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9396 bytes
a b 8 Sécurité
14 Juin 2008 11:16:03

Re,

Télécharge [#FF0000]DelDomains.inf[/#F] (de Mike Burgess) sur ton Bureau.
**Si tu utilises FireFox : fais un clic droit sur le lien et choisis "Enregistrer la cible du lien sous..."**
  • Fais un clique droit sur le fichier, puis choisis "Installer" du menu contextuel.
  • Le script s'installe rapidement et aucune confirmation ne sera affichée à l'écran, ceci est normal.
    14 Juin 2008 11:19:46

    ok et ensuite?
    a b 8 Sécurité
    14 Juin 2008 11:35:23

    Reposte un rapport Hijackthis.
    14 Juin 2008 11:41:19

    nouveau rapport Hijackthis :



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:40:33, on 14/06/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\jeremy\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = France Télécom Câble
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [REV] c:\documents and settings\jeremy\mes documents\jeux\conter\steamapps\fafgremy\counter-strike\Revolution_Script.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Steam] C:\Documents and Settings\jeremy\Mes documents\jeux\Steam.exe -silent
    O4 - HKCU\..\Run: [VoipBuster] "C:\program files\voipbuster.com\voipbuster\voipbuster.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\jeremy\Bureau\Titan Poker\casino.exe
    O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 9113 bytes
    a b 8 Sécurité
    14 Juin 2008 11:52:26

    Encore des soucis ?
    14 Juin 2008 11:54:48

    ben les icones et la barre des taches ne sont toujours pas revenu je ne peux rien faire sur le bureau...
    merci encore de ton aide
    a b 8 Sécurité
    14 Juin 2008 12:10:22

    Gestionnaire des Tâches > Nouvelle tâche > explorer
    14 Juin 2008 13:21:25

    ben désolé mais ça ne marche pas je met explorer, explorer.exe ne marche pas...
    a b 8 Sécurité
    14 Juin 2008 15:17:24

    Tu as le CD de Windows ?

    Télécharge Smitfraudfix (de S!ri).
    Enregistre-le sur ton bureau.
    Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
    Choisis l'Option 1 (Recherche)
    Poste le premier rapport ici.

    **Si le lien ne fonctionne pas, clique ici**
    14 Juin 2008 18:12:40

    rapport Smitfraudfix :



    SmitFraudFix v2.324

    Rapport fait à 18:10:45,29, 14/06/2008
    Executé à partir de C:\Documents and Settings\jeremy\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\jeremy\Bureau\SmitfraudFix\Policies.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeremy


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jeremy\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jeremy\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: SiS 900-Based PCI Fast Ethernet Adapter - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 212.27.54.252
    DNS Server Search Order: 212.27.53.252

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    14 Juin 2008 18:13:19

    et non je n'ai pas de cd de windows...
    a b 8 Sécurité
    15 Juin 2008 12:36:33

    Passe l'option 2 en mode sans échec pour voir.
    15 Juin 2008 15:15:37

    L'analyse n'a pu finir car ça m'a dit que le fichier explorer.exe ne pouvait être trouver, qu'il fallait que je fasse une recherche de ce fichier. Le problème est comment je fais la recherche si je ne peux pas accéder au menu démarrer...

    voici quand même le rapport :



    SmitFraudFix v2.324

    Rapport fait à 15:06:30,03, 15/06/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    a b 8 Sécurité
    15 Juin 2008 20:23:27

    Tu as le fichier explorer.exe dans ton System32 ?
    15 Juin 2008 21:04:28

    non justement je ne l'ai pas du tout. (c'est bien juste dans le disque dur(il y en a qu'un)/windows ? car j'ai regardé sur mon ordi et c'est dans windows et pas dans windows/system32, voila donc il n'y ai pas...)
    a b 8 Sécurité
    16 Juin 2008 11:11:47

    Tu as un autre pc sous la main ?
    16 Juin 2008 12:25:17

    oui j'ai deux autres pc mais vista et non xp je ne sais pas si ça change ou pas.
    a b 8 Sécurité
    16 Juin 2008 13:22:41

    Tu peux toujours tenter de copier le fichier explorer afin de le mettre sur le pc.
    17 Juin 2008 10:24:50

    re. désolé pour hier je n'étais pas chez moi.

    Donc j'ai copier coller l'explorer.exe dans c://windows/ sur le pc ou le bureau n'apparait pas et quand je tente de l'exécuter, cela me dit que ce n'est pas une application win32 valide. J'ai reessayé de faire l'analyse avec smitfraudfix (option 2) mais pareil ça ne finit pas et ça me dit que explorer.exe n'est pas une application valide...

    voici quand même le rapport smitfraudfix (option 2) :




    SmitFraudFix v2.324

    Rapport fait à 10:11:19,46, 17/06/2008
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{82381EBB-BFA4-42BF-8E91-E604AF839C0B}: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{E72828CA-7B0F-4252-8BD1-801A051237BB}: DhcpNameServer=82.216.111.124 82.216.111.125
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F40A3FBE-FFA4-45B7-B642-773B273A908E}: DhcpNameServer=85.68.0.7 85.68.0.8
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.123 82.216.111.122 82.216.111.121
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    a b 8 Sécurité
    17 Juin 2008 13:03:12

    Ce n'est pas un problème d'infection, tu devrais voir dans la section OS.
    17 Juin 2008 13:06:58

    ok je vais reposter le message dans cette partie.
    merciencore de ton aide
    a b 8 Sécurité
    17 Juin 2008 13:20:44

    Bonne chance.
    17 Juin 2008 13:23:05

    merci beaucoup
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS