Undetectable virus, unbearable consequences

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
27 February 2008 19:32:28

Hello everyone,

I'm new on the forum and this is the first time I'm asking for help to remove a virus. Usually I manage on my own. This time I'm having problems.

After several scans with free antivirus programs (AVG, Avast!), neither of them fixed the problem. Even the anti-spyware programs found nothing.

But I often get crashes of Explorer.exe:
microsoft visual c++ runtime library
program:c\windows\explorer.exe

a buffer overrun has been detected which has corrupted the program's internal state. the program cannot safely continue execution and must now be terminated

Then, when I browse the internet with Explorer, I get spam telling me to install 'Nettordinateur' or 'Repareteurdesystem' because my PC is infected. Or I get ads for poker or online gaming sites that look dubious.

Of course I searched the internet and found that this spam is linked to 'MonContenuassistant'. I also searched to find out who had had this problem and what the solutions were, but in my case nothing worked.

So I'm asking for your help to fix my problem! I usually manage fairly well, but this is beyond my abilities!

Thanks in advance, sorry for the mistakes :D


27 February 2008 19:45:02

Hi,

Download HijackThis (from Trend Micro)
Post a log by following this tutorial.
27 February 2008 19:51:51

So here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:16, on 2008-02-27
Platform: Windows Vista SP1, v.668 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.17052)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\CtHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcywx.dll,#1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6304 bytes
27 February 2008 20:21:15

Re,

Download Combofix (by sUBs) to your Desktop.

Temporarily disable all resident protection! (antivirus, antispyware...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
27 February 2008 20:37:11

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\fcywx.dll
C:\Windows\system32\jkkkl.dll
C:\Windows\System32\lkkkj.ini
C:\Windows\System32\lkkkj.ini2

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-27 14:29 . 2008-02-27 14:29 4,958,588 --a------ C:\Windows\{00000001-00000000-00000007-00001102-00000008-10011102}.BAK
2008-02-27 13:49 . 2008-02-27 13:49 <REP> d-------- C:\Program Files\Trend Micro
2008-02-27 13:16 . 2008-02-27 13:16 <REP> d-------- C:\_OTMoveIt
2008-02-27 13:05 . 2008-02-27 13:05 250 --a------ C:\Windows\gmer.ini
2008-02-27 13:01 . 2008-02-27 13:01 <REP> d-------- C:\fixwareout
2008-02-27 12:39 . 2008-02-27 12:39 <REP> d-------- C:\VundoFix Backups
2008-02-26 22:05 . 2008-02-26 22:05 <REP> d-------- C:\Users\Steven\AppData\Roaming\Grisoft
2008-02-26 22:04 . 2007-05-30 07:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-02-26 21:39 . 2008-02-26 21:46 912 --a------ C:\Windows\eReg.dat
2008-02-26 21:28 . 1998-06-17 18:07 57,344 --a------ C:\Windows\System32\Mfc42loc.dll
2008-02-26 21:19 . 2008-02-26 21:21 <REP> d-------- C:\Program Files\EA GAMES
2008-02-26 18:17 . 2008-02-27 08:00 <REP> d-------- C:\Users\Steven\AppData\Roaming\AVG7
2008-02-26 18:16 . 2008-02-26 22:04 <REP> d-------- C:\Users\All Users\Grisoft
2008-02-26 18:16 . 2008-02-26 18:24 <REP> d-------- C:\Users\All Users\avg7
2008-02-26 18:16 . 2008-02-26 22:04 <REP> d-------- C:\ProgramData\Grisoft
2008-02-26 18:16 . 2008-02-26 18:24 <REP> d-------- C:\ProgramData\avg7
2008-02-26 18:16 . 2008-02-26 18:16 63,867 --a------ C:\Windows\BMcdde8e77.xml
2008-02-26 18:16 . 2008-02-26 18:16 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-02-26 18:16 . 2008-02-26 18:20 22 --a------ C:\Windows\pskt.ini
2008-02-26 17:39 . 2008-02-26 17:39 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-02-26 13:36 . 2008-02-26 13:36 <REP> d-------- C:\Program Files\Alwil Software
2008-02-25 18:39 . 2008-02-25 18:39 <REP> d-------- C:\Program Files\Creative
2008-02-23 16:15 . 2008-02-23 16:15 <REP> d-------- C:\Users\All Users\GlobalSCAPE
2008-02-23 16:15 . 2008-02-23 16:15 <REP> d-------- C:\ProgramData\GlobalSCAPE
2008-02-23 15:17 . 2008-02-23 15:17 <REP> d-------- C:\Users\Steven\AppData\Roaming\GlobalSCAPE
2008-02-23 15:16 . 2008-02-26 20:09 <REP> d-------- C:\Program Files\GlobalSCAPE
2008-02-23 14:44 . 2008-02-23 14:44 <REP> d-------- C:\Program Files\WinSCP
2008-02-19 14:15 . 2008-02-19 14:15 <REP> d-------- C:\Program Files\Yahoo!
2008-02-18 19:49 . 2008-02-18 19:49 <REP> d-------- C:\Windows\Sun
2008-02-15 14:50 . 2008-02-15 14:50 <REP> d-------- C:\Program Files\Common Files\Adobe
2008-02-13 21:51 . 2008-02-13 21:51 98,304 --a------ C:\Windows\system32CmdLineExt.dll
2008-02-13 21:49 . 2006-09-28 16:05 2,414,360 --a------ C:\Windows\System32\d3dx9_31.dll
2008-02-13 21:49 . 2006-09-28 16:05 237,848 --a------ C:\Windows\System32\xactengine2_4.dll
2008-02-13 21:49 . 2006-07-28 09:30 236,824 --a------ C:\Windows\System32\xactengine2_3.dll
2008-02-13 21:49 . 2006-07-28 09:30 62,744 --a------ C:\Windows\System32\xinput1_2.dll
2008-02-13 21:49 . 2006-09-28 16:03 15,128 --a------ C:\Windows\System32\x3daudio1_1.dll
2008-02-13 21:37 . 2008-02-13 21:37 <REP> d-------- C:\Program Files\Ubisoft
2008-02-12 21:45 . 2008-02-25 16:57 <REP> d-------- C:\Program Files\IGZones
2008-02-12 20:35 . 2008-02-12 20:42 <REP> d-------- C:\Program Files\Age Of empire
2008-02-12 19:48 . 2008-02-25 16:57 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-02-11 20:26 . 2008-02-11 20:26 <REP> d-------- C:\Users\Steven\AppData\Roaming\Bioshock
2008-02-11 17:08 . 2008-02-11 17:08 <REP> d-------- C:\Users\Steven\AppData\Roaming\Sierra Entertainment
2008-02-08 19:11 . 2008-02-09 17:16 <REP> d-------- C:\Users\Steven\AppData\Roaming\Apple Computer
2008-02-08 19:11 . 2008-02-27 14:31 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-08 19:11 . 2008-02-08 19:11 1,409 --a------ C:\Windows\QTFont.for
2008-02-08 19:10 . 2008-02-08 19:10 <REP> d-------- C:\Users\All Users\Apple Computer
2008-02-08 19:10 . 2008-02-08 19:10 <REP> d-------- C:\ProgramData\Apple Computer
2008-02-08 19:10 . 2008-02-08 19:10 <REP> d-------- C:\Program Files\QuickTime
2008-02-08 19:10 . 2008-02-08 19:10 <REP> d-------- C:\Program Files\iTunes
2008-02-08 19:10 . 2008-02-08 19:10 <REP> d-------- C:\Program Files\iPod
2008-02-08 19:09 . 2008-02-08 19:09 <REP> d-------- C:\Users\All Users\Apple
2008-02-08 19:09 . 2008-02-08 19:09 <REP> d-------- C:\ProgramData\Apple
2008-02-08 19:09 . 2008-02-08 19:09 <REP> d-------- C:\Program Files\Common Files\Apple
2008-02-08 19:09 . 2008-02-08 19:09 <REP> d-------- C:\Program Files\Apple Software Update
2008-02-08 18:59 . 2008-02-08 18:59 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-02-06 13:11 . 2008-02-06 13:11 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-02-04 14:18 . 2008-02-12 20:39 <REP> d-------- C:\Program Files\Dofus
2008-02-03 16:58 . 2008-02-26 18:15 1,787,709 --ahs---- C:\Windows\System32\tsohsvs.dat
2008-02-03 16:58 . 2008-02-04 15:40 499,712 --a------ C:\Windows\System32\MSVCP71.DLL
2008-02-03 16:58 . 2008-02-04 15:40 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-02-03 16:58 . 2008-02-03 16:58 32 --ahs---- C:\Windows\System32\tsohsvs.le
2008-02-03 16:57 . 2008-02-26 20:10 <REP> d-a------ C:\Users\Steven\d2hackmap_v2.10_lite
2008-02-01 16:55 . 2008-02-01 16:55 70,656 --a------ C:\Windows\ScUnin.exe
2008-02-01 16:55 . 2008-02-01 16:55 34,706 --a------ C:\Windows\scunin.dat
2008-02-01 16:55 . 2008-02-01 16:55 967 --a------ C:\Windows\ScUnin.pif
2008-02-01 16:54 . 2008-02-13 14:30 <REP> d-------- C:\Program Files\Starcraft
2008-02-01 16:49 . 2008-02-01 16:49 <REP> d-------- C:\Program Files\PowerISO
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-01-30 10:11 . 2008-01-30 10:11 764,416 --a------ C:\Windows\System32\drivers\athr.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 02:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 02:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-27 01:10 --------- d-----w C:\Users\Steven\AppData\Roaming\Winamp
2008-02-27 01:10 --------- d-----w C:\Users\Steven\AppData\Roaming\Azureus
2008-02-27 01:10 --------- d-----w C:\Program Files\Winamp
2008-02-25 22:04 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-23 19:50 --------- d-----w C:\Users\Steven\AppData\Roaming\LimeWire
2008-02-13 23:44 --------- d-----w C:\Program Files\Diablo II
2008-02-13 17:54 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-13 01:45 --------- d-----w C:\Program Files\Hero Editor
2008-02-11 21:55 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-02-06 19:34 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-02-01 19:23 --------- d-----w C:\Program Files\Java
2008-01-20 14:06 --------- d-----w C:\Users\Steven\AppData\Roaming\mIRC
2008-01-20 13:46 --------- d-----w C:\Users\Steven\AppData\Roaming\Locktime
2008-01-20 13:44 --------- d-----w C:\ProgramData\Locktime
2008-01-18 22:18 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-01-18 22:18 249,856 ------w C:\Windows\Setup1.exe
2008-01-15 07:39 30,464 ----a-w C:\Windows\system32\drivers\usbaapl.sys
2008-01-14 04:49 --------- d--h--w C:\ProgramData\CanonBJ
2008-01-14 04:47 --------- d--h--w C:\Program Files\CanonBJ
2008-01-07 06:07 --------- d-----w C:\Program Files\CCleaner
2008-01-07 05:41 94,208 ----a-w C:\Windows\DIIUnin.exe
2008-01-07 03:34 22,328 ----a-w C:\Users\Steven\AppData\Roaming\PnkBstrK.sys
2008-01-07 03:33 669,184 ----a-w C:\Windows\System32\pbsvc.exe
2008-01-07 03:23 --------- d-----w C:\Program Files\Electronic Arts
2008-01-07 01:23 --------- d-----w C:\Users\Steven\AppData\Roaming\DAEMON Tools
2008-01-06 21:09 --------- d-----w C:\Program Files\Aspyr
2008-01-06 02:47 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-01-06 02:47 --------- d--h--r C:\Users\Steven\AppData\Roaming\SecuROM
2008-01-06 02:37 --------- d-----w C:\Program Files\Flagship Studios
2008-01-05 22:37 --------- d-----w C:\Program Files\LimeWire
2008-01-05 22:35 --------- d-----w C:\Program Files\Common Files\Java
2008-01-05 11:23 --------- d-----w C:\Program Files\Microsoft Games
2008-01-05 10:48 174 --sha-w C:\Program Files\desktop.ini
2008-01-05 10:42 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-05 10:42 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-01-05 10:42 --------- d-----w C:\Program Files\Windows Mail
2008-01-05 10:42 --------- d-----w C:\Program Files\Windows Journal
2008-01-05 10:42 --------- d-----w C:\Program Files\Windows Defender
2008-01-05 10:42 --------- d-----w C:\Program Files\Windows Collaboration
2008-01-05 10:42 --------- d-----w C:\Program Files\Windows Calendar
2008-01-05 10:21 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-01-05 10:21 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-01-05 00:11 --------- d-----w C:\Program Files\MSBuild
2008-01-05 00:11 --------- d-----w C:\Program Files\Microsoft Works
2008-01-05 00:09 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-05 00:07 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-04 21:44 --------- d-----w C:\Program Files\BitLocker
2008-01-04 21:31 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-04 21:24 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-01-04 21:18 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-01-04 21:17 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-01-02 23:32 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-01-02 23:32 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-01-02 23:32 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-01-02 23:11 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-02 23:11 --------- d-----w C:\Program Files\Windows Live
2008-01-02 23:05 --------- d-----w C:\ProgramData\WLInstaller
2007-12-31 22:44 --------- d-----w C:\ProgramData\NVIDIA
2007-12-31 22:41 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-12-31 22:33 --------- d-----w C:\ProgramData\Azureus
2007-12-31 22:33 --------- d-----w C:\Program Files\Azureus
2007-12-31 22:26 --------- d-----w C:\Users\Steven\AppData\Roaming\DAEMON Tools Pro
2007-12-31 22:05 233,888 ----a-w C:\Windows\System32\DreamScene.dll
2007-12-31 21:55 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2007-12-31 21:55 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2007-12-12 02:15 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2007-11-30 12:19 986,680 ----a-w C:\Windows\System32\winload.exe
2007-11-30 12:19 926,776 ----a-w C:\Windows\System32\winresume.exe
2007-11-30 12:17 614,968 ----a-w C:\Windows\System32\ci.dll
2007-11-30 12:17 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-11-30 12:17 3,599,928 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-11-30 12:17 3,547,192 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-11-30 12:17 247,352 ----a-w C:\Windows\System32\clfs.sys
2007-11-30 12:17 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2007-11-30 12:16 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2007-11-30 12:16 141,880 ----a-w C:\Windows\System32\halacpi.dll
2007-11-30 12:15 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2007-11-30 12:15 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2007-11-30 12:14 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2007-11-30 12:14 21,560 ----a-w C:\Windows\System32\kdusb.dll
2007-11-30 12:14 19,512 ----a-w C:\Windows\System32\kdcom.dll
2007-11-30 12:13 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2007-11-30 12:13 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2007-11-30 12:12 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2007-11-30 12:12 241,720 ----a-w C:\Windows\System32\rsaenh.dll
2007-11-30 12:12 155,704 ----a-w C:\Windows\System32\dssenh.dll
2007-11-30 12:12 131,640 ----a-w C:\Windows\System32\basecsp.dll
2007-11-30 12:10 98,816 ----a-w C:\Windows\System32\sdshext.dll
2007-11-30 12:09 98,816 ----a-w C:\Windows\System32\mfps.dll
2007-11-30 12:08 98,304 ----a-w C:\Windows\System32\iasrecst.dll
2007-11-30 12:07 98,304 ----a-w C:\Windows\System32\makecab.exe
2007-11-30 12:06 879,616 ----a-w C:\Windows\System32\Bubbles.scr
2007-11-30 12:06 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2007-11-30 12:05 7,680 ----a-w C:\Windows\System32\spwizres.dll
2007-11-30 12:05 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2007-11-30 12:05 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2007-11-30 12:04 17,920 ----a-w C:\Windows\System32\netevent.dll
2007-11-30 12:03 58,880 ----a-w C:\Windows\System32\msobjs.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-11-30 07:07 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-29 07:05 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-11-30 07:13 1008184]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 12:32 19968 C:\Windows\System32\Ctxfihlp.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 17:54 37376]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 07:23 200704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-26 18:16 579072]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-26 18:16 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-26 18:16 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svshost]
svshost.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
C:\Program Files\D-Link\Wireless G WDA-1320\AirGCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{BAB82DB1-C388-4505-862E-DD37A3DF2CB0}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{973247F7-0DDE-408B-B66A-95A435813D89}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"{A4710074-DBE5-454B-A24B-D4F945871913}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{802B63FF-76B2-4954-909F-4C84FFDA0641}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{5C83AA8F-CF91-4DAF-9B37-15D09E0281DB}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"{DA2BD669-BD24-473F-A418-424CECB6E104}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{31067D60-1245-4869-9845-F5E7CD8652DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{C664E2B8-BE4F-42E9-91C7-04D06003E689}C:\program files\aspyr\guitar hero iii\gh3.exe"= UDP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III|Desc=Guitar Hero III
"UDP Query User{6203AF60-5B04-448B-BB34-6C9F05F0F377}C:\program files\aspyr\guitar hero iii\gh3.exe"= TCP:C:\program files\aspyr\guitar hero iii\gh3.exe:Guitar Hero III|Desc=Guitar Hero III
"{36E1DB86-C8BF-45C8-A9E2-0C867DEA280F}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C65D466C-E50E-44E5-9809-020A87678FF6}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{5AF6E523-095E-486B-93D6-99C89BBAFC4D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{2C851684-1E82-4896-A0FF-2461C9DBFC20}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5720AEA0-411D-4FF1-A94D-5AEB7082F64E}"= UDP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
"{A08148AB-1487-4973-AF9E-461448C2C934}"= TCP:C:\Windows\System32\PnkBstrA.exe:p nkBstrA
"{D9CCE14D-976E-4692-9D47-81E69096F9A2}"= UDP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
"{A280C0E0-B0E1-4850-AB5C-3E850719A47B}"= TCP:C:\Windows\System32\PnkBstrB.exe:p nkBstrB
"{93E3E001-C4BB-4FC1-A6FF-B79F71C43174}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5EC2C0FC-8B21-454A-BA4C-6540C7B39F13}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8F6A3334-72C8-4DC2-A46C-62F6BF3B9618}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{995527E7-FCC9-4FBC-ADB7-64A527153847}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{A7944645-141B-488B-9908-C7C06EA5DC04}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{370FB4F9-B965-4068-872D-0FA6827E38E0}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\Windows\system32\DRIVERS\A3AB.sys [2005-08-25 15:00]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2008-01-30 10:11]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d92aa0f-b7e3-11dc-8197-806e6f6e6963}]
\shell\AutoRun\command - E:\AUTORUN.EXE

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 23:35:21 C:\Windows\Tasks\User_Feed_Synchronization-{74C20820-DC95-4AAB-990B-D949BF1487C4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 14:31:10
Windows 6.0.6001 Service Pack 1, v.668 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\lpksetup.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2008-02-27 14:33:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-27 19:33:33
.
2008-02-21 22:04:59 --- E O F ---
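What the helper is reading off the two logs above, as an added example that is not part of the thread and is neither HijackThis nor ComboFix code: a small Python triage that parses HijackThis O4 (Run-key) lines and ComboFix's "Reg Loading Points" and flags the indicators visible in this thread. In the HijackThis log, the [MSServer] entry loads a five-letter DLL through rundll32 by ordinal (`fcywx.dll,#1`); ComboFix then lists that file under "Other Deletions" next to `jkkkl.dll` and `lkkkj.ini`, which is the rotating-name pattern the Vundo/Virtumonde family is known for (the VundoFix Backups folder in the file list shows a Vundo tool had already been run). In the ComboFix report, the Winlogon Notify subkey `svshost` points at a DLL with no resolvable path or timestamp, `EnableLUA` is 0 (UAC off) and `EnableFirewall` is 0 for the public profile. The sample lines are copied from the logs in this thread; the "machine-generated name" heuristic and the `svchost` look-alike check are my own assumptions, not documented rules of either tool.

```python
"""Triage of HijackThis O4 lines and ComboFix 'Reg Loading Points' entries.

Added example for this thread; neither HijackThis nor ComboFix code.
Sample text is copied from the two logs posted above.
"""
import re

# O4 lines from the HijackThis log: a vendor DLL loaded via rundll32 by a named
# export (NvCpl), and the [MSServer] entry loading fcywx.dll by ordinal.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcywx.dll,#1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# Lines from the ComboFix report, in the order they appear there.
COMBOFIX_SNIPPET = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-02-26 18:16 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\svshost]
svshost.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?,(?P<export>\S+)', re.I)
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\(?P<sub>[^\]]+)\]$", re.I)
POLICY_RE = re.compile(r'^"(?P<key>EnableLUA|EnableFirewall)"\s*=\s*(?P<val>\d+)')


def parse_o4(line):
    """Split a HijackThis O4 line into hive, value name and command."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def looks_random(stem):
    """Crude heuristic (my assumption): a short, all-lowercase, vowel-free
    name such as fcywx or jkkkl reads as generated; vendor DLLs (NvCpl,
    avgwlntf) are mixed-case or pronounceable."""
    return re.fullmatch(r"[b-df-hj-np-tv-z]{4,8}", stem) is not None


def _edit_distance(a, b):
    """Levenshtein distance, used to catch look-alikes of Windows names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_hjt(text):
    """Flag O4 entries that load a DLL through rundll32 in a suspicious way."""
    findings = []
    for line in text.splitlines():
        entry = parse_o4(line)
        m = RUNDLL_RE.search(entry["cmd"]) if entry else None
        if not m:
            continue
        dll = m.group("dll").rsplit("\\", 1)[-1]
        reasons = []
        if m.group("export").startswith("#"):
            reasons.append("DLL called by ordinal %s, not a named export" % m.group("export"))
        if looks_random(dll[:-4]):
            reasons.append("DLL name %r looks machine-generated" % dll)
        if reasons:
            findings.append({"source": "O4", "name": entry["name"], "cmd": entry["cmd"], "reasons": reasons})
    return findings


def triage_combofix(text):
    """Flag Winlogon Notify DLLs without a path and security policies set to 0."""
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        nm = NOTIFY_RE.search(line)
        if nm:
            sub, value = nm.group("sub"), (lines[i + 1] if i + 1 < len(lines) else "")
            reasons = []
            if "\\" not in value:
                reasons.append("Notify DLL %r has no resolvable path or timestamp" % value)
            if _edit_distance(sub.lower(), "svchost") == 1:
                reasons.append("subkey %r mimics the Windows name 'svchost'" % sub)
            if reasons:
                findings.append({"source": "Winlogon\\Notify", "name": sub, "cmd": value, "reasons": reasons})
        pm = POLICY_RE.match(line)
        if pm and pm.group("val") == "0":
            what = "UAC disabled (EnableLUA=0)" if pm.group("key") == "EnableLUA" else "firewall disabled for this profile"
            findings.append({"source": "policy", "name": pm.group("key"), "cmd": line, "reasons": [what]})
    return findings


def run(hjt_text=SAMPLE_LOG, combofix_text=COMBOFIX_SNIPPET):
    return triage_hjt(hjt_text) + triage_combofix(combofix_text)


if __name__ == "__main__":
    for f in run():
        print("[%s] %s: %s" % (f["source"], f["name"], f["cmd"]))
        for r in f["reasons"]:
            print("    -", r)
```

Run against the full logs, the script raises exactly the four items the helper acted on: the MSServer loader (which ComboFix had already removed), the pathless `svshost` Notify DLL, and the two disabled protections. The vowel-free heuristic is deliberately narrow; it is a cue for a human to look up the file, not a verdict.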
27 February 2008 21:08:50

Re,

Download OTMoveIt > Tutorial <

Save it to the Desktop

Select the box below
C:\Windows\System32\tsohsvs.dat
C:\Windows\System32\tsohsvs.le
C:\Windows\pskt.ini
C:\Windows\BMcdde8e77.xml
C:\Windows\{00000001-00000000-00000007-00001102-00000008-10011102}.BAK

Now launch OTMoveIt.
Make sure the box "unregister dll's and ocx's" is checked.
Two panes appear; right-click on the left pane, then paste the box above.
And click MoveIt!

If the program asks you to restart, accept.

Post the report located in: C:\_OTMoveIt\MovedFiles\creation date!

NOTE: If you get a message saying the report could not be created, copy/paste what appears in the tool's right-hand column.
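The move-to-quarantine step above, as an added example rather than OTMoveIt's own code: a Python routine that hashes each file (SHA-256) before moving it into a dated quarantine folder, writes a JSON manifest with size, mtime and original path so the sample can still be submitted or restored later, records a missing file as an outcome rather than failing (an earlier tool may already have removed it), and reports a file the OS refuses to open or move instead of silently skipping it. The file list is the one pasted into OTMoveIt above; `demo()` creates constructed stand-ins for three of them under a temporary directory so the script runs on any OS without touching C:\Windows. The function names and manifest layout are my own.

```python
"""Quarantine suspect files with an evidence record (SHA-256, size, mtime,
original path) instead of deleting them outright.

Added example for this thread; it is not OTMoveIt's code. demo() fakes the
posted files in a temporary directory so the script runs on any OS.
"""
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path, PureWindowsPath

# The five paths posted in the thread.
SUSPECT_PATHS = [
    r"C:\Windows\System32\tsohsvs.dat",
    r"C:\Windows\System32\tsohsvs.le",
    r"C:\Windows\pskt.ini",
    r"C:\Windows\BMcdde8e77.xml",
    r"C:\Windows\{00000001-00000000-00000007-00001102-00000008-10011102}.BAK",
]


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def quarantine(paths, qdir):
    """Move each file into a per-run folder under qdir; return the manifest.

    'missing' is recorded, not raised. 'locked' covers a file that cannot be
    opened or moved (held open by a running process, or a cross-volume move
    of a mapped DLL, which Windows performs as copy-then-delete); it is the
    analyst's cue to schedule a reboot-time move rather than lose the entry.
    """
    run_dir = Path(qdir) / time.strftime("%Y%m%d_%H%M%S")
    run_dir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for p in paths:
        src = Path(p)
        rec = {"original": str(src)}
        if not src.is_file():
            rec["status"] = "missing"
            manifest.append(rec)
            continue
        try:
            st = src.stat()
            rec["size"] = st.st_size
            rec["mtime_utc"] = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime))
            rec["sha256"] = sha256_of(src)      # hash before moving so the record matches the original
            dest = run_dir / (src.name + ".quarantined")
            shutil.move(str(src), str(dest))    # a rename when source and qdir share a volume
        except OSError as exc:
            rec["status"] = "locked"
            rec["error"] = str(exc)
        else:
            rec["status"] = "moved"
            rec["quarantined_as"] = str(dest)
        manifest.append(rec)
    (run_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore(record):
    """Put one quarantined file back (a false positive, for instance)."""
    if record.get("status") != "moved":
        return False
    shutil.move(record["quarantined_as"], record["original"])
    record["status"] = "restored"
    return True


def demo():
    """Constructed stand-ins for three posted files plus one that does not
    exist; quarantine them and return the manifest."""
    work = Path(tempfile.mkdtemp(prefix="quarantine_demo_"))
    targets = []
    for p in SUSPECT_PATHS[:3]:
        fake = work / PureWindowsPath(p).name
        fake.write_bytes(b"constructed sample content for " + fake.name.encode())
        targets.append(str(fake))
    targets.append(str(work / "already_gone.bin"))
    return quarantine(targets, work / "quarantine")


if __name__ == "__main__":
    for rec in demo():
        print(rec["status"], rec["original"], rec.get("sha256", ""))
```

Two things this deliberately leaves to the platform: OTMoveIt's "unregister dll's and ocx's" option corresponds to `regsvr32 /u` on each COM server, and an in-use image that cannot be moved needs a reboot-time move (`MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT` on Windows). A `locked` entry in the manifest is the signal to do either by hand.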
27 February 2008 21:18:14

C:\Windows\System32\tsohsvs.dat moved successfully.
C:\Windows\System32\tsohsvs.le moved successfully.
C:\Windows\pskt.ini moved successfully.
C:\Windows\BMcdde8e77.xml moved successfully.
C:\Windows\{00000001-00000000-00000007-00001102-00000008-10011102}.BAK moved successfully.

OTMoveIt2 v1.0.20 log created on 02272008_151619
27 February 2008 22:04:34

Is it better?

Post another HijackThis log.
29 February 2008 04:12:06

Thanks michou!

No more spam, no more Explorer crashes, it's over. You solved my problem!

Thanks!
29 February 2008 11:26:58

Post another HijackThis log anyway, to finish the cleanup :)