Votre question

tratbho probleme de virus. Comme tout le monde

Tags :
  • Windows genuine advantage
  • Sécurité
Dernière réponse : dans Sécurité et virus
5 Février 2008 14:22:05

Bonjour à tous, je viens demander votre aide car j'y suis depuis le début de la matinée et franchement, ce virus commence à me lourder menu. Pour prendre un peu d'avance, je vais donc vous poster mon rapport hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 14:09, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Kevtif\Local Settings\Temporary Internet Files\Content.IE5\3IGV9BSW\VundoFix[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A4AA399-D670-406B-B07D-2A3634665FF6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CA8F48FC-015C-4EE8-8D70-A5EE0DDB2A2E} - C:\WINDOWS\system32\pmkjh.dll
O3 - Toolbar: (no name) - {9ea93803-e5b5-44c5-bd2c-ef106038dcba} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCDE07D-4782-4723-885B-E9113113FA4B}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: hgggfdb - C:\WINDOWS\SYSTEM32\hgggfdb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Merci de votre aide

Autres pages sur : tratbho probleme virus monde

5 Février 2008 14:24:09

Je suis également en train de faire un scan avec Vundofix, je poste dès que possible.
5 Février 2008 14:46:04

Voilà le résultat


[02/05/2008, 13:29:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Kevtif\Local Settings\Temporary Internet Files\Content.IE5\V16F6X8C\VirtumundoBeGone[1].exe" )
[02/05/2008, 13:29:16] - Detected System Information:
[02/05/2008, 13:29:16] - Windows Version: 5.1.2600, Service Pack 2
[02/05/2008, 13:29:16] - Current Username: Kevtif (Admin)
[02/05/2008, 13:29:16] - Windows is in NORMAL mode.
[02/05/2008, 13:29:16] - Searching for Browser Helper Objects:
[02/05/2008, 13:29:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/05/2008, 13:29:16] - BHO 2: {3A4AA399-D670-406B-B07D-2A3634665FF6} ()
[02/05/2008, 13:29:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 13:29:16] - Checking for HKLM\...\Winlogon\Notify\ddccy
[02/05/2008, 13:29:16] - Key not found: HKLM\...\Winlogon\Notify\ddccy, continuing.
[02/05/2008, 13:29:16] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/05/2008, 13:29:16] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/05/2008, 13:29:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 13:29:16] - No filename found. Continuing.
[02/05/2008, 13:29:16] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/05/2008, 13:29:16] - BHO 6: {E180F496-8A4B-44E2-9FE0-0364E345DB7F} ()
[02/05/2008, 13:29:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 13:29:16] - Checking for HKLM\...\Winlogon\Notify\nnnonkk
[02/05/2008, 13:29:16] - Found: HKLM\...\Winlogon\Notify\nnnonkk - This is probably Virtumundo.
[02/05/2008, 13:29:16] - Assigning {E180F496-8A4B-44E2-9FE0-0364E345DB7F} MSEvents Object
[02/05/2008, 13:29:16] - BHO list has been changed! Starting over...
[02/05/2008, 13:29:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/05/2008, 13:29:16] - BHO 2: {3A4AA399-D670-406B-B07D-2A3634665FF6} ()
[02/05/2008, 13:29:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 13:29:16] - Checking for HKLM\...\Winlogon\Notify\ddccy
[02/05/2008, 13:29:16] - Key not found: HKLM\...\Winlogon\Notify\ddccy, continuing.
[02/05/2008, 13:29:16] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/05/2008, 13:29:16] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/05/2008, 13:29:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 13:29:16] - No filename found. Continuing.
[02/05/2008, 13:29:16] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/05/2008, 13:29:16] - BHO 6: {E180F496-8A4B-44E2-9FE0-0364E345DB7F} (MSEvents Object)
[02/05/2008, 13:29:16] - ALERT: Found MSEvents Object!
[02/05/2008, 13:29:16] - Finished Searching Browser Helper Objects
[02/05/2008, 13:29:16] - *** Detected MSEvents Object
[02/05/2008, 13:29:16] - Trying to remove MSEvents Object...
[02/05/2008, 13:29:17] - Terminating Process: IEXPLORE.EXE
[02/05/2008, 13:29:17] - Terminating Process: RUNDLL32.EXE
[02/05/2008, 13:29:18] - Disabling Automatic Shell Restart
[02/05/2008, 13:29:18] - Terminating Process: EXPLORER.EXE
[02/05/2008, 13:29:18] - Suspending the NT Session Manager System Service
[02/05/2008, 13:29:18] - Terminating Windows NT Logon/Logoff Manager
[02/05/2008, 13:29:18] - Re-enabling Automatic Shell Restart
[02/05/2008, 13:29:18] - File to disable: C:\WINDOWS\system32\nnnonkk.dll
[02/05/2008, 13:29:18] - Renaming C:\WINDOWS\system32\nnnonkk.dll -> C:\WINDOWS\system32\nnnonkk.dll.vir
[02/05/2008, 13:29:18] - File successfully renamed!
[02/05/2008, 13:29:18] - Removing HKLM\...\Browser Helper Objects\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
[02/05/2008, 13:29:18] - Removing HKCR\CLSID\{E180F496-8A4B-44E2-9FE0-0364E345DB7F}
[02/05/2008, 13:29:18] - Adding Kill Bit for ActiveX for GUID: {E180F496-8A4B-44E2-9FE0-0364E345DB7F}
[02/05/2008, 13:29:18] - Deleting ATLEvents/MSEvents Registry entries
[02/05/2008, 13:29:18] - Removing HKLM\...\Winlogon\Notify\nnnonkk
[02/05/2008, 13:29:18] - Searching for Browser Helper Objects:
[02/05/2008, 13:29:18] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/05/2008, 13:29:18] - BHO 2: {3A4AA399-D670-406B-B07D-2A3634665FF6} ()
[02/05/2008, 13:29:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 13:29:18] - Checking for HKLM\...\Winlogon\Notify\ddccy
[02/05/2008, 13:29:18] - Key not found: HKLM\...\Winlogon\Notify\ddccy, continuing.
[02/05/2008, 13:29:18] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/05/2008, 13:29:18] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/05/2008, 13:29:18] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 13:29:18] - No filename found. Continuing.
[02/05/2008, 13:29:18] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/05/2008, 13:29:18] - Finished Searching Browser Helper Objects
[02/05/2008, 13:29:18] - Finishing up...
[02/05/2008, 13:29:18] - A restart is needed.
[02/05/2008, 13:29:26] - Attempting to Restart via STOP error (Blue Screen!)

[02/05/2008, 14:42:05] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Kevtif\Local Settings\Temporary Internet Files\Content.IE5\YLEN9U3D\VirtumundoBeGone[1].exe" )
[02/05/2008, 14:42:11] - Detected System Information:
[02/05/2008, 14:42:12] - Windows Version: 5.1.2600, Service Pack 2
[02/05/2008, 14:42:12] - Current Username: Kevtif (Admin)
[02/05/2008, 14:42:12] - Windows is in NORMAL mode.
[02/05/2008, 14:42:12] - Searching for Browser Helper Objects:
[02/05/2008, 14:42:12] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/05/2008, 14:42:12] - BHO 2: {3A4AA399-D670-406B-B07D-2A3634665FF6} ()
[02/05/2008, 14:42:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 14:42:12] - No filename found. Continuing.
[02/05/2008, 14:42:12] - BHO 3: {73995121-93A9-4513-A69E-0306E2141530} ()
[02/05/2008, 14:42:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 14:42:12] - Checking for HKLM\...\Winlogon\Notify\pmkjh
[02/05/2008, 14:42:12] - Key not found: HKLM\...\Winlogon\Notify\pmkjh, continuing.
[02/05/2008, 14:42:12] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/05/2008, 14:42:12] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/05/2008, 14:42:12] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/05/2008, 14:42:12] - No filename found. Continuing.
[02/05/2008, 14:42:12] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[02/05/2008, 14:42:12] - Finished Searching Browser Helper Objects
[02/05/2008, 14:42:12] - Finishing up...
[02/05/2008, 14:42:12] - Nothing found! Exiting...
Contenus similaires
5 Février 2008 14:59:36

Voilà, j'ai également fait un scan combofix, mais je ne sais pas comment voir le résultat. Sinon, après ce scan, j'ai refais un scan Hijack, que voici. Merci de me donner un coup de main.

Logfile of HijackThis v1.99.1
Scan saved at 14:56, on 2008-02-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
O1 - Hosts: <HTML><HEAD>
O1 - Hosts: <TITLE>404 Not Found</TITLE>
O1 - Hosts: </HEAD><BODY>
O1 - Hosts: <H1>Not Found</H1>
O1 - Hosts: The requested URL /stat.dat was not found on this server.<P>
O1 - Hosts: </BODY></HTML>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {73995121-93A9-4513-A69E-0306E2141530} - C:\WINDOWS\system32\pmkjh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {9ea93803-e5b5-44c5-bd2c-ef106038dcba} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CCDE07D-4782-4723-885B-E9113113FA4B}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: tuvsqqp - C:\WINDOWS\SYSTEM32\tuvsqqp.dll
O20 - Winlogon Notify: vtustqr - vtustqr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

5 Février 2008 15:21:50

Bon, après toutes ces manip, PC toujours infecté. J'espère que quelqu'un aura une solution à me proposer
5 Février 2008 15:39:18

A chaque redémarrage de Windows, une fenêtre bleue apparait. Est ce normal ?
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS