Your question

holename.exe and 32 regs.exe = virus???

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
25 June 2007 13:42:06

Hello, could you enlighten me about what these two programs, holename.exe and 32 regs.exe, are? They ask ZoneAlarm to launch every time Internet Explorer or Firefox starts, and this has been going on for a while now....
I did a HijackThis report, which gives this:
Thanks

Logfile of HijackThis v1.99.1
Scan saved at 13:41:36, on 25/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sagem Photo Easy\AzAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\moi\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: XBTB06829 - {1D09A743-00ED-4713-BCC4-32D590D1087A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [morecurbdrawbike] C:\Documents and Settings\All Users\Application Data\for obj more curb\holename.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [01 amen] C:\DOCUME~1\moi\APPLIC~1\PROXYA~1\32 regs.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Fra\InstFred.ocx
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jeremusicool.spaces.live.com//PhotoUpload/MsnPUp...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Contrôle d'AcDcToday) - file://C:\Program Files\AutoCAD 2002 Fra\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {AE563727-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Fra\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD 2002 Fra\AcPreview.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5CD956-A04D-4458-AD3B-2A28EE1B0CB7}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

a b 8 Security
25 June 2007 13:42:51

Hello,

Download Clean.zip (by Malekal),
Unzip it to your desktop (Right-click/Extract all); you should get a Clean folder.
Open the clean folder and double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.
25 June 2007 13:48:30

25/06/2007 a 13:47:58,03

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\spool\drivers\setup.exe FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\PartyGaming\" FOUND
"C:\Program Files\PokerStars\" FOUND
*** Fin du rapport !
a b 8 Security
25 June 2007 13:52:31

Re,

Download LopResearch.zip
Unzip it to your Desktop only.
Open the LopResearch folder, then double-click Scan.bat.
A report will be generated; post its contents here.
25 June 2007 13:54:17

so here it is:

Rapport fait à 13:53:34,25 le 25/06/2007

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 886C-D19C

Répertoire de C:\Documents and Settings\Administrateur\Application Data

10/08/2006 12:47 62 desktop.ini
10/08/2006 12:47 <REP> ..
10/08/2006 12:47 <REP> Microsoft
10/08/2006 12:47 <REP> .
1 fichier(s) 62 octets
3 Rép(s) 32112332800 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 886C-D19C

Répertoire de C:\Documents and Settings\administrator

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 886C-D19C

Répertoire de C:\Documents and Settings\All Users\Application Data

16/06/2007 18:43 <REP> for obj more curb
02/06/2007 16:36 <REP> {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A}
30/05/2007 19:33 <REP> Bluetooth
02/10/2006 20:47 <REP> SmartCom
18/09/2006 17:46 <REP> Google
11/06/2006 16:02 <REP> Windows Genuine Advantage
05/04/2006 12:35 <REP> ScanSoft
20/02/2006 16:40 <REP> Skype
01/02/2006 14:33 <REP> GoldWaveCDDB
29/01/2006 15:22 1755 QTSBandwidthCache
29/01/2006 15:18 <REP> Apple Computer
27/09/2005 13:25 <REP> DVD Shrink
26/09/2005 15:12 <REP> nView_Profiles
25/09/2005 19:44 <REP> SSScanWizard
25/09/2005 19:44 <REP> SSScanAppDataDir
09/09/2005 20:00 <REP> Messenger Plus!
08/09/2005 14:36 <REP> Spybot - Search & Destroy
06/09/2005 16:08 62 desktop.ini
06/09/2005 16:07 <REP> Microsoft
06/09/2005 16:07 <REP> ..
06/09/2005 16:07 <REP> .
06/09/2005 15:10 <REP> Ahead
2 fichier(s) 1817 octets
20 Rép(s) 32112328704 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 886C-D19C

Répertoire de C:\Documents and Settings\Default User\Application Data

06/09/2005 16:08 62 desktop.ini
06/09/2005 16:07 <REP> ..
06/09/2005 16:07 <REP> Microsoft
06/09/2005 16:07 <REP> .
1 fichier(s) 62 octets
3 Rép(s) 32112332800 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 886C-D19C

Répertoire de C:\Documents and Settings\jérémy

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 886C-D19C

Répertoire de C:\Documents and Settings\moi\Application Data

16/06/2007 18:43 <REP> Proxyanteping
11/04/2007 11:21 <REP> Autodesk
17/03/2007 14:38 <REP> Screenshot Sender
20/12/2006 20:51 <REP> Talkback
06/12/2006 19:29 <REP> Atari
23/11/2006 20:24 <REP> Mozilla
02/11/2006 21:03 <REP> Media Player Classic
30/09/2006 16:13 <REP> utorrent
05/09/2006 16:19 <REP> Azureus
24/07/2006 12:29 <REP> Shareaza
24/02/2006 06:00 <REP> Sun
24/02/2006 00:15 <REP> vlc
23/02/2006 23:32 <REP> dvdcss
20/02/2006 16:40 <REP> Skype
29/01/2006 15:19 <REP> Apple Computer
07/01/2006 20:43 <REP> Real
28/09/2005 13:39 <REP> Musicmatch
27/09/2005 19:44 <REP> Ahead
25/09/2005 19:54 <REP> Canon
25/09/2005 19:54 <REP> ArcSoft
25/09/2005 19:44 <REP> ScanSoft
18/09/2005 17:00 <REP> Microsoft Web Folders
18/09/2005 15:46 <REP> Help
15/09/2005 20:56 <REP> .clamwin
09/09/2005 20:21 <REP> Google
08/09/2005 18:15 <REP> Macromedia
06/09/2005 15:08 <REP> Adobe
06/09/2005 15:07 <REP> InterTrust
06/09/2005 14:33 <REP> Identities
06/09/2005 14:33 62 desktop.ini
06/09/2005 14:33 <REP> ..
06/09/2005 14:33 <REP> .
06/09/2005 14:33 <REP> Microsoft
1 fichier(s) 62 octets
32 Rép(s) 32112328704 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 886C-D19C

Répertoire de C:\WINDOWS\Tasks

19/06/2007 12:02 330 MP Scheduled Scan.job
16/06/2007 19:05 254 A6540DBF915380BB.job
09/12/2006 21:29 356 muse.job
15/09/2005 20:55 236 Spybot - Search & Destroy - Scheduled Task.job
06/09/2005 14:33 6 SA.DAT
06/09/2005 14:26 65 desktop.ini
06/09/2005 14:26 <REP> ..
06/09/2005 14:26 <REP> .
6 fichier(s) 1 247 octets
2 Rép(s) 32 112 328 704 octets libres

******************************************
Listing des dossiers dans C:\Program Files

Adobe
Ahead
Alwil Software
ArcSoft
ASUS
Atari
audiograbber
AutoCAD 2002 Fra
AutoCAD R14
AVIcodec
AviSynth 2.5
AvRack
Canon
CCleaner
ClamWin
ComPlus Applications
Core Design
Croteam
Data
DIFX
DVD Shrink
EA GAMES
eMule
ewido anti-spyware 4.0
FairUse Wizard 2
Fichiers communs
FileZilla
Free iPod Video Converter
GoldWave
Google
Google Video
Guitar Pro 5
Intel
Internet Explorer
IVT Corporation
Java
JS World
Lame
landgen.log
Magicbit
Marvell
Messenger
Messenger Plus! Live
Microids
Microsoft AntiSpyware
microsoft frontpage
Microsoft Games
Microsoft Money
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSN Gaming Zone
MSN Messenger
Musicmatch
NetMeeting
OfficeUpdate11
Online Services
OSM
Outlook Express
PartyGaming
PhotoFiltre
Picasa2
PokerStars
Proxyanteping
QuickTime
Real
Realtek Sound Manager
rew2.log
Ripp-it_AM
SAGEM
Sagem Photo Easy
ScanSoft
Services en ligne
Shareaza
SmartCom
Spybot - Search & Destroy
StuffPlug3
VideoLAN
Volo View Express
WellPhone DirectSync
WexTech
Windows Defender
Windows Live
Windows Media Connect 2
Windows Media Player
Windows NT
WinRAR
WinTV
xerox
XviD
Zone Labs
******************************************
Recherche des dossiers/fichiers LOP

C:\WINDOWS\tasks\A6540DBF915380BB.job Présent !
******************************************
Recherche d'infections connues

Pas d'infection reconnue
******************************************
Vérification du fichier HOSTS

Fichier Hosts : MODIFIE
*************** Fin du Rapport - Version 0.9 ****************
25 June 2007 13:54:59

Oh, one possibly important detail: I blocked these two programs with ZoneAlarm...
a b 8 Security
25 June 2007 13:55:40

Which ones?
25 June 2007 13:56:37

holename.exe and regs 32.exe
a b 8 Security
25 June 2007 14:00:47

Ok.

Fix the lines in italics below with HijackThis: HELP IN PICTURES

O2 - BHO: XBTB06829 - {1D09A743-00ED-4713-BCC4-32D590D1087A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll
O4 - HKLM\..\Run: [morecurbdrawbike] C:\Documents and Settings\All Users\Application Data\for obj more curb\holename.exe
O4 - HKCU\..\Run: [01 amen] C:\DOCUME~1\moi\APPLIC~1\PROXYA~1\32 regs.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


&

Download R-Hosts.exe (by S!ri)
Launch R-Hosts, then click "Restaurer" (Restore).
Confirm the change by pressing OK.

&

Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select ALL the locations in bold below:

C:\Documents and Settings\All Users\Application Data\for obj more curb
C:\Documents and Settings\moi\Application Data\Proxyanteping
C:\Program Files\Proxyanteping
C:\WINDOWS\tasks\A6540DBF915380BB.job
C:\WINDOWS\system32\spool\drivers\setup.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\Program Files\PartyGaming
C:\Program Files\PokerStars
C:\Program Files\Toolbar


---> Right-click, then Copy (or Ctrl+C)

Double-click OTMoveIt.exe to launch it.
Right-click in the left pane, then choose Paste (or Ctrl+V).
Now click MoveIt!

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_heure.log

->Information about the program<-
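As an added example (not one of the tools the helper links to, nor anything posted in this thread), here is a small Python triage script that applies by rule what the helper did by eye on the HijackThis log above: flag O4 autoruns launched from a user profile directory, O2/O3 browser add-ons whose DLL is gone, and O20 Winlogon Notify packages whose DLL is missing. The sample lines are copied from the log format in this thread; the "user profile directory" heuristic is my assumption, not a HijackThis feature.

```python
"""Triage of HijackThis v1.99 log lines (added example; not a forum or HijackThis tool)."""
from __future__ import annotations

import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section prefix, e.g. "O4"
    reason: str   # why the line deserves a closer look
    line: str     # the raw log line


# Constructed sample: eight lines in the format of the log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [morecurbdrawbike] C:\Documents and Settings\All Users\Application Data\for obj more curb\holename.exe
O4 - HKCU\..\Run: [01 amen] C:\DOCUME~1\moi\APPLIC~1\PROXYA~1\32 regs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Every HijackThis line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First executable-looking token of an autorun command, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|cpl|scr|bat))', re.IGNORECASE)

# Heuristic (my assumption, not a HijackThis rule): installed software autoruns
# from Program Files or the Windows directory; an autorun under a user profile
# (long or 8.3 form) is the pattern both malicious entries in the thread share.
USER_PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\")


def exe_path(cmd: str) -> str:
    """Return the program an O4 command launches, without quotes or arguments."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(log_text: str) -> list[Finding]:
    """Flag the three kinds of line the thread's helper told the poster to fix."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            o4 = O4_RE.match(body)
            if o4 and exe_path(o4.group("cmd")).lower().startswith(USER_PROFILE_PREFIXES):
                findings.append(Finding(section, "autorun launched from a user profile directory", raw))
        elif section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(section, "browser add-on entry whose DLL no longer exists", raw))
        elif section == "O20" and body.endswith("(file missing)"):
            findings.append(Finding(section, "Winlogon Notify package whose DLL is missing", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run against the full log above, it returns exactly the O2, O4 and O20 lines the helper asked to fix, plus nothing from the post-cleanup log.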
25 June 2007 14:06:32

There, I think that's it. R-Hosts doesn't confirm anything afterwards, is that normal??
a b 8 Security
25 June 2007 14:08:45

OTMoveIt?
25 June 2007 14:09:54

avast tells me there's a Trojan horse the moment I click MoveIt, what do I do?
a b 8 Security
25 June 2007 14:11:00

Ignore it :)
25 June 2007 14:20:21

Folder cleanup failed. C:\Documents and Settings\All Users\Application Data\for obj more curb scheduled to be deleted on reboot.
C:\Documents and Settings\moi\Application Data\Proxyanteping moved successfully.
C:\Program Files\Proxyanteping moved successfully.
C:\WINDOWS\tasks\A6540DBF915380BB.job moved successfully.
C:\WINDOWS\system32\spool\drivers\setup.exe moved successfully.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1 moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR\images moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR\Articles moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\fr_FR moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\images moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US\articles moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language\en_US moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Language moved successfully.
C:\Program Files\PartyGaming\PartyPoker\Images moved successfully.
C:\Program Files\PartyGaming\PartyPoker moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images\lobby moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images\games\cardgames\multiplayerbj\multiplayerblackjack moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images\games\cardgames\multiplayerbj moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images\games\cardgames\blackjack\blackjack moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images\games\cardgames\blackjack moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images\games\cardgames moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images\games moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US\Images moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\en_US moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\de_DE\images moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language\de_DE moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Language moved successfully.
C:\Program Files\PartyGaming\PartyCasino\Images moved successfully.
C:\Program Files\PartyGaming\PartyCasino moved successfully.
C:\Program Files\PartyGaming\Language\fr_FR moved successfully.
C:\Program Files\PartyGaming\Language\en_US moved successfully.
C:\Program Files\PartyGaming\Language moved successfully.
C:\Program Files\PartyGaming\images moved successfully.
C:\Program Files\PartyGaming moved successfully.
C:\Program Files\PokerStars\update moved successfully.
C:\Program Files\PokerStars\ImgCache moved successfully.
C:\Program Files\PokerStars\Gx\usr moved successfully.
C:\Program Files\PokerStars\Gx\templates moved successfully.
C:\Program Files\PokerStars\Gx\ctrls moved successfully.
C:\Program Files\PokerStars\Gx moved successfully.
C:\Program Files\PokerStars\backup\Themes\default moved successfully.
C:\Program Files\PokerStars\backup\Themes moved successfully.
C:\Program Files\PokerStars\backup\Gx\templates moved successfully.
C:\Program Files\PokerStars\backup\Gx moved successfully.
C:\Program Files\PokerStars\backup moved successfully.
C:\Program Files\PokerStars moved successfully.
File/Folder C:\Program Files\Toolbar not found.

Created on 06/25/2007 14:09:47
a b 8 Security
25 June 2007 14:26:11

Post another HijackThis report.
25 June 2007 14:27:21

here it is:

Logfile of HijackThis v1.99.1
Scan saved at 14:27:10, on 25/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sagem Photo Easy\AzAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\moi\LOCALS~1\Temp\Rar$EX00.860\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AzAgent] "C:\Program Files\Sagem Photo Easy\AzAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WellPhone DirectSync - ScheduleSync] C:\PROGRA~1\WELLPH~1\SCHEDU~1.EXE
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F831FA7-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002 Fra\InstFred.ocx
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://jeremusicool.spaces.live.com//PhotoUpload/MsnPUp...
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Contrôle d'AcDcToday) - file://C:\Program Files\AutoCAD 2002 Fra\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {AE563727-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002 Fra\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Gestion d'AcPreview) - file://C:\Program Files\AutoCAD 2002 Fra\AcPreview.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5CD956-A04D-4458-AD3B-2A28EE1B0CB7}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

a b 8 Security
25 June 2007 14:29:28

Is your PC behaving better?

  • Do a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click I accept.
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose the My Computer scan.
  • Save and then paste the report generated at the end of the scan.

HELP: Tutorial on the online scan

NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired), go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
25 June 2007 14:30:23

ok thanks a lot
But were those two programs really viruses, then?
a b 8 Security
25 June 2007 15:00:24

Apparently :)
25 June 2007 15:02:49

ok well thanks a lot then^^