HLDRRR: I'm now infected on two machines

Tags:
  • Windows XP
  • Security
28 May 2007 14:34:27

Hello,

I played and won: I'm infected too, and I've tried so many things that I've lost track!!!

Now, if you can give me a hand, I'd be very grateful.

See you soon

Here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 14:35:21, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Cyril\Bureau\Tooso\hldrrr\elibagla.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


a b 8 Security
28 May 2007 14:53:31

Hello,

Do you have the EliBagla report?
28 May 2007 14:59:20

Hello,
Here is the EliBagla report ...........
I tried a lot of things, as you can see in the log, but apparently it's no longer there!!!!

Mon May 28 13:08:11 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Renombrado a .VIR
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\CYRIL\APPLICATION DATA\HIDIRES\HIDR.EXE --> Eliminado Bagle
C:\DOCUMENTS AND SETTINGS\CYRIL\APPLICATION DATA\HIDIRES\M_HOOK.SYS --> Eliminado Bagle (rootkit)
C:\WINDOWS\SYSTEM32\HLDRRR.EXE --> Bagle.dldr Renombrado a .VIR
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Mon May 28 13:08:38 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon May 28 13:16:31 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\

Mon May 28 13:16:37 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Mon May 28 14:44:10 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Eliminada Carpeta "%AppData%\Hidires"

Mon May 28 14:44:17 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
Exploración Detenida por el Usuario.

Mon May 28 14:53:45 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
C:\WINDOWS\SYSTEM32\HLDRRR.EXE.VIR --> Eliminado

Mon May 28 14:58:30 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Mon May 28 14:58:33 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Thanks again for your help; I have the second PC to deal with anyway as soon as this one is clean.
See you soon
a b 8 Security
28 May 2007 15:03:19

Hi again,

Download Blacklight (F-Secure); click "I ACCEPT" at the bottom of the page:
Click the first "Download" to download the program
Save it to your Desktop
Double-click fsbl.exe and accept the license; click Scan, then Next.

When the scan finishes, DO NOT TOUCH ANYTHING!

You will see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).
We need to analyze this report, so close BlackLight.

Post the report on the forum.

HELP: BlackLight tutorial (Malekal)
28 May 2007 15:14:22

Hi again,

Here is the Blacklight report

05/28/07 15:14:17 [Info]: BlackLight Engine 1.0.61 initialized
05/28/07 15:14:17 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/28/07 15:14:17 [Note]: 7019 4
05/28/07 15:14:17 [Note]: 7005 0
05/28/07 15:14:30 [Note]: 7006 0
05/28/07 15:14:30 [Note]: 7011 160
05/28/07 15:14:30 [Note]: 7026 0
05/28/07 15:14:30 [Note]: 7026 0
05/28/07 15:14:31 [Note]: FSRAW library version 1.7.1021
05/28/07 15:16:50 [Note]: 7007 0
a b 8 Security
28 May 2007 15:19:27

Hi again,

- Run HijackThis -> Do a system scan only
-> Tick the line below:

O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Cyril\Bureau\Tooso\hldrrr\elibagla.exe

Click Fix checked (bottom left)

Install an antivirus such as Antivir urgently.
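
The manual step in this post (picking one autorun line out of a HijackThis log) can be scripted. The following is an added example, not part of the thread: it parses a HijackThis log and flags running processes or O4 autoruns whose file name matches the names listed in the EliBagle report above, plus autoruns launched from a user profile folder. The sample log is assembled from lines of this thread's logs (two machines mixed); the profile-path heuristic and all function names are assumptions of this example.

```python
import ntpath
import re

# File names EliBagle reported as Bagle components in the report posted above.
BAGLE_FILES = {"wintems.exe", "hidr.exe", "m_hook.sys", "hldrrr.exe", "ban_list.txt"}
# Assumed heuristic (not from the thread): an autorun started from a user profile.
USER_PROFILE = "\\documents and settings\\"

# Registry autoruns only; "O4 - Startup:" folder entries are not handled here.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")  # any "R0 - ", "O4 - ", "O23 - " line
FILE_RE = re.compile(r'[^\\/"\s,]+\.(?:exe|dll|sys|txt)\b', re.I)

# Constructed sample: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\hldrrr.exe
E:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\RunOnce: [ReEXEc] C:\Documents and Settings\Cyril\Bureau\Tooso\hldrrr\elibagla.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_hijackthis(text):
    """Return (running process paths, O4 autoruns as (hive, key, name, command))."""
    processes, autoruns = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            # The process list ends at a blank line or at the first R/O entry.
            if line and not ENTRY_RE.match(line):
                processes.append(line)
                continue
            in_procs = False
        match = O4_RE.match(line)
        if match:
            autoruns.append(match.groups())
    return processes, autoruns


def triage(text):
    """Flag processes and autoruns worth a second look, in log order."""
    processes, autoruns = parse_hijackthis(text)
    findings = []
    for path in processes:
        if ntpath.basename(path).lower() in BAGLE_FILES:
            findings.append(("process", path))
    for _hive, _key, _name, command in autoruns:
        # Compare whole file names, not substrings: the RunOnce path below
        # contains a folder called "hldrrr" but runs a different executable.
        files = {name.lower() for name in FILE_RE.findall(command)}
        if files & BAGLE_FILES:
            findings.append(("autorun-known-name", command))
        elif USER_PROFILE in command.lower():
            findings.append(("autorun-user-profile", command))
    return findings


if __name__ == "__main__":
    for kind, value in triage(SAMPLE_LOG):
        print(f"{kind:22} {value}")
```

A flagged line is a prompt for review, not a verdict: the profile-path rule fires on any program a user chose to start from their own folders.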
28 May 2007 15:25:59

Hi again,

I no longer have that line in the scan; shall I post the HijackThis log again?????

Logfile of HijackThis v1.99.1
Scan saved at 15:28:57, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

a b 8 Security
28 May 2007 15:28:33

And Antivir?
28 May 2007 15:37:04

Hi again,

I'm installing avast! antivirus; the boot scan is running on the machine.

See you soon
a b 8 Security
28 May 2007 15:38:53

Ok ;) 
28 May 2007 16:16:42

Hi again,

Impossible to install avast! antivirus.
It gets deleted immediately.

I'm installing Antivir, and I'll post the logs again

See you soon
a b 8 Security
28 May 2007 16:18:10

OK.
28 May 2007 18:24:24

Hi again,

Antivir is installed and working.

Here is the latest HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 18:27:36, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\Hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

a b 8 Security
28 May 2007 18:25:16

Run a scan with Antivir, then post the report.
28 May 2007 18:45:30

Hi again,

Here is the Antivir log



AntiVir PersonalEdition Classic
Report file date: lundi 28 mai 2007 16:55

Scanning for 793316 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Cyril
Computer name: PCENFANTS

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21/05/2007 14:23:35
ANTIVIR2.VDF : 6.38.1.171 2048 Bytes 21/05/2007 14:23:35
ANTIVIR3.VDF : 6.38.1.195 140288 Bytes 28/05/2007 14:23:35
AVEWIN32.DLL : 7.4.0.27 2478592 Bytes 28/05/2007 14:23:35
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.9 360488 Bytes 28/05/2007 14:23:35
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 28 mai 2007 16:55

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
24 processes with 24 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '10' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Cyril\Bureau\Nettoyage\Norton SystemWorks Premier 2005 Fr + Antivirus 05 FR + Internet Security 05 Fr + Cracks ^^.rar
[0] Archive type: RAR
--> CD 1\GoBack\Setup.exe
[DETECTION] Contains signature of the dial-up program DIAL/Generic
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16001
[WARNING] Failed!
C:\Documents and Settings\Cyril\Bureau\Nettoyage\Norton SystemWork\CD 1\GoBack\Setup.exe
[DETECTION] Contains signature of the dial-up program DIAL/Generic
[INFO] The file was moved to '46ceeedd.qua'!
Begin scan in 'D:\' <DOCUMENTS>


End of the scan: lundi 28 mai 2007 17:10
Used time: 14:59 min

The scan has been done completely.

2195 Scanning directories
81945 Files were scanned
2 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
132 Files cannot be scanned
81943 Files not concerned
1668 Archives were scanned
133 Warnings
60 Notes
0 Hidden objects were found

a b 8 Security
28 May 2007 18:46:49

Post a HijackThis report again.
28 May 2007 18:48:41

Hi again,
I've installed Antivir, Kerio Personal Firewall and AVG Anti-Spyware.
Is that necessary and sufficient for the future?
Thanks for your valuable help
a b 8 Security
28 May 2007 18:49:58

That's sufficient.
28 May 2007 18:51:39

Me again, with the HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 18:54:42, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

a b 8 Security
28 May 2007 18:58:33

It's OK :) 
28 May 2007 19:02:54

Thanks a lot, BIG chief!!!!!!!!!!!!!!!
For the second PC I'll start with the HijackThis report ...........
I'm switching machines.
a b 8 Security
28 May 2007 19:04:52

OK.
28 May 2007 19:06:28

Here we go again,
The scans on this PC are likely to take longer!!!!
Logfile of HijackThis v1.99.1
Scan saved at 19:09:27, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\sstray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\MessengerPlus! 3\MsgPlus1.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Philips ToUcam Camera\VProperty.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\FLIR Systems\QuickView\T3Mon.exe
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
E:\Program Files\Cobian Backup 8\cbInterface.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft Money\System\mnyexpr.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\WINDOWS\system32\hldrrr.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
E:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
E:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\winlogon.exe
E:\Program Files\Microsoft ActiveSync\WCESMgr.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - E:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ToUcamVProperty] E:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [awxDTools] rundll32 E:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [UpdateManager] "E:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [T3Mon] "E:\Program Files\FLIR Systems\QuickView\T3Mon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "E:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "E:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "E:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = E:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &eBay Search - res://E:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyside.dll
O15 - Trusted Zone: www.ebay.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - E:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - E:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - E:\PROGRA~1\Serv-U\ServUDaemon.exe (file missing)
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

28 May 2007 19:10:32

What are the problems?
28 May 2007 19:16:31

My AVG antivirus has literally disappeared from the PC, and I find the same thing as on the other PC:
"hldrrr.exe"
This PC is very sensitive; the disks are large and quite full, and I don't want to do anything stupid.
28 May 2007 19:18:56

An EliBagla scan, then :)
28 May 2007 20:03:22

Hi again,

Well, apparently some cleaning was done during the scan, but it's getting complicated .....................
I can't find the log file; I don't have a C: drive on this PC.
What should I do, great chief??
28 May 2007 20:45:50

Do a BlackLight scan, then.
28 May 2007 22:32:40

Hi again,

Here is the BlackLight log

05/28/07 21:04:58 [Info]: BlackLight Engine 1.0.61 initialized
05/28/07 21:04:58 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/28/07 21:04:58 [Note]: 7019 4
05/28/07 21:04:58 [Note]: 7005 0
05/28/07 21:05:01 [Note]: 7006 0
05/28/07 21:05:01 [Note]: 7011 504
05/28/07 21:05:01 [Note]: 7026 0
05/28/07 21:05:01 [Note]: 7026 0
05/28/07 21:05:01 [Note]: 7024 3
05/28/07 21:05:01 [Info]: Hidden process: E:\WINDOWS\system32\wintems.exe
05/28/07 21:05:01 [Note]: 7024 3
05/28/07 21:05:01 [Info]: Hidden process: E:\WINDOWS\system32\hldrrr.exe
05/28/07 21:05:04 [Note]: FSRAW library version 1.7.1021
05/28/07 21:06:24 [Info]: Hidden file: e:\Program Files\Movie Maker\shared\empty.txt
05/28/07 21:06:24 [Note]: 10002 3
05/28/07 21:06:24 [Info]: Hidden file: e:\Program Files\Movie Maker\shared\filters.xml
05/28/07 21:06:24 [Note]: 10002 3
05/28/07 21:06:24 [Info]: Hidden file: e:\Program Files\Movie Maker\shared\news.png
05/28/07 21:06:24 [Note]: 10002 3
05/28/07 21:06:24 [Info]: Hidden file: e:\Program Files\Movie Maker\shared\paint.png
05/28/07 21:06:24 [Note]: 10002 3
05/28/07 21:06:24 [Info]: Hidden file: e:\Program Files\Movie Maker\shared\profiles\blank.txt
05/28/07 21:06:24 [Note]: 10002 3
05/28/07 21:06:24 [Info]: Hidden file: e:\Program Files\Movie Maker\shared\sample1.jpg
05/28/07 21:06:24 [Note]: 10002 3
05/28/07 21:06:24 [Info]: Hidden file: e:\Program Files\Movie Maker\shared\sample2.jpg
05/28/07 21:06:24 [Note]: 10002 3
05/28/07 21:06:24 [Note]: 10002 2
05/28/07 21:06:24 [Note]: 10002 2
05/28/07 21:09:33 [Note]: 10002 2
05/28/07 21:09:33 [Note]: 10002 2
05/28/07 21:11:00 [Note]: 2000 1012
05/28/07 21:11:00 [Note]: 2000 1012
05/28/07 21:11:00 [Note]: 7002 0
05/28/07 21:11:00 [Note]: 7003 1
05/28/07 21:11:00 [Note]: 7002 0
05/28/07 21:11:00 [Note]: 7003 1
29 May 2007 16:38:11

Is the EliBagla scan still not working?
29 May 2007 19:08:10

Hello,

The scan works, but where do I find the log file?
29 May 2007 19:17:23

In E:
29 May 2007 23:19:17

Good evening,
I'm not too dumb after all.
By connecting an old hard disk I managed to get myself a C: drive, so I recovered the infoSat.txt file, which is always written to C: regardless of which disk is scanned.

Here it is:


Tue May 29 23:01:47 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
E:\WINDOWS\SYSTEM32\WINTEMS.EXE.VIR --> Eliminado
E:\WINDOWS\SYSTEM32\HLDRRR.EXE.VIR --> Eliminado
Eliminada Carpeta "%AppData%\Hidires"

Tue May 29 23:01:55 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Tue May 29 23:02:01 2007
EliBagle v10.39 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad E:\
29 May 2007 23:42:53

Hi again,

Now the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 23:46:53, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
E:\WINDOWS\system32\sstray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\MessengerPlus! 3\MsgPlus1.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Philips ToUcam Camera\VProperty.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\FLIR Systems\QuickView\T3Mon.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
E:\Program Files\Cobian Backup 8\cbInterface.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft Money\System\mnyexpr.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
E:\Program Files\Microsoft ActiveSync\WCESMgr.exe
E:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - E:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ToUcamVProperty] E:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [awxDTools] rundll32 E:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [UpdateManager] "E:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [T3Mon] "E:\Program Files\FLIR Systems\QuickView\T3Mon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "E:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "E:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "E:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = E:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &eBay Search - res://E:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyside.dll
O15 - Trusted Zone: www.ebay.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - E:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - E:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - E:\PROGRA~1\Serv-U\ServUDaemon.exe (file missing)
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

30 May 2007 12:07:31

Hi again,

- Run HijackThis -> Do a system scan only
-> Check the lines below:

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

Click Fix checked (bottom left)
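
As an added illustration of the selection step in the reply above (not part of the original thread and not HijackThis's own code): a Python example that parses HijackThis 1.99.1 log text, lists the entries whose target the scanner reported as "(no file)" or "(file missing)", and compares the running-process lists of two scans. It goes beyond the three lines picked above by covering both markers; the sample logs are shortened excerpts constructed from this thread's scans, and all function names are hypothetical.

```python
import re

# Constructed samples: shortened excerpts of the second PC's scans in this thread
# (28/05 before cleaning, 29/05 after the EliBagle run).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 19:09:27, on 28/05/2007

Running processes:
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\hldrrr.exe
E:\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - E:\PROGRA~1\Serv-U\ServUDaemon.exe (file missing)
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 23:46:53, on 29/05/2007

Running processes:
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wuauclt.exe
E:\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
"""

# A section entry starts with a code such as R3, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file was not found on disk.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group("code"), match.group("body")))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def orphaned_entries(entries):
    """Entries whose target file the scanner reported as absent."""
    return [(code, body) for code, body in entries if MISSING_RE.search(body)]


def process_diff(before, after):
    """Paths that disappeared from / appeared in the process list (case-insensitive)."""
    b = {p.lower(): p for p in before}
    a = {p.lower(): p for p in after}
    gone = sorted(b[k] for k in b.keys() - a.keys())
    new = sorted(a[k] for k in a.keys() - b.keys())
    return gone, new


if __name__ == "__main__":
    procs_before, entries_before = parse_log(BEFORE)
    procs_after, _ = parse_log(AFTER)
    for code, body in orphaned_entries(entries_before):
        print("orphaned:", code, "-", body)
    gone, new = process_diff(procs_before, procs_after)
    print("no longer running:", gone)
    print("newly running:", new)
```

An entry flagged here only means the referenced file was not found at scan time; deciding which lines to fix remains a manual review.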
31 May 2007 01:07:31

Hi again,

Done, here is the new HijackThis scan

Logfile of HijackThis v1.99.1
Scan saved at 01:05:16, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\sstray.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\MessengerPlus! 3\MsgPlus1.exe
E:\Program Files\Real\RealPlayer\RealPlay.exe
E:\Program Files\Philips ToUcam Camera\VProperty.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\D-Tools\daemon.exe
E:\Program Files\FLIR Systems\QuickView\T3Mon.exe
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
E:\Program Files\Cobian Backup 8\cbInterface.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Microsoft Money\System\mnyexpr.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
E:\PROGRA~1\MI3AA1~1\rapimgr.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Logitech\SetPoint\SetPoint.exe
E:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
E:\WINDOWS\System32\svchost.exe
E:\Program Files\MSN Messenger\usnsvc.exe
E:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
E:\WINDOWS\system32\wuauclt.exe
E:\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - E:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - E:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] E:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ToUcamVProperty] E:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [awxDTools] rundll32 E:\PROGRA~1\arniWORX\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [UpdateManager] "E:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [T3Mon] "E:\Program Files\FLIR Systems\QuickView\T3Mon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Cobian Backup 8 interface] "E:\Program Files\Cobian Backup 8\cbInterface.exe" -service
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "E:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [NBJ] "E:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = E:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &eBay Search - res://E:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://E:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - E:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - E:\Program Files\Microsoft Money\System\mnyside.dll
O15 - Trusted Zone: www.ebay.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avgwlntf - E:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - E:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Cobian Backup 8 service (CobBMService) - Luis Cobian - E:\Program Files\Cobian Backup 8\cbService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - E:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - E:\PROGRA~1\Serv-U\ServUDaemon.exe (file missing)
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - E:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

31 May 2007 11:38:16

Still having problems?
3 September 2007 23:47:59

Just a quick hello,
to apologize for leaving you hanging, but this machine's hard drive died outright; it is impossible to boot.
I bought a new machine that runs great, and I'm going to install the free protection tools recommended on this forum.
Thanks again
See you later