The discussion "Radioactive virus NEED HELP!!!! (Red desktop background problem + virus) [SOLVED]" is in the forum "Virus, troyens, etc..."

Radioactive virus NEED HELP!!!! (Red desktop background problem + virus) [SOLVED]




21 years old.

On 21-10-2007 at 02:15 #

C:\Program Files\wcyxcmzf moved successfully.
C:\Program Files\PokerStars.NET\update moved successfully.
C:\Program Files\PokerStars.NET\Themes\techno\label moved successfully.
C:\Program Files\PokerStars.NET\Themes\techno\ctrls moved successfully.
C:\Program Files\PokerStars.NET\Themes\techno moved successfully.
C:\Program Files\PokerStars.NET\Themes\simple\label moved successfully.
C:\Program Files\PokerStars.NET\Themes\simple moved successfully.
C:\Program Files\PokerStars.NET\Themes\preview moved successfully.
C:\Program Files\PokerStars.NET\Themes\azure\label moved successfully.
C:\Program Files\PokerStars.NET\Themes\azure\ctrls moved successfully.
C:\Program Files\PokerStars.NET\Themes\azure moved successfully.
C:\Program Files\PokerStars.NET\Themes\&default moved successfully.
C:\Program Files\PokerStars.NET\Themes moved successfully.
C:\Program Files\PokerStars.NET\Snd moved successfully.
C:\Program Files\PokerStars.NET\ImgCache moved successfully.
C:\Program Files\PokerStars.NET\Gx\usr moved successfully.
C:\Program Files\PokerStars.NET\Gx\templates moved successfully.
C:\Program Files\PokerStars.NET\Gx\lobby\en moved successfully.
C:\Program Files\PokerStars.NET\Gx\lobby moved successfully.
C:\Program Files\PokerStars.NET\Gx\label moved successfully.
C:\Program Files\PokerStars.NET\Gx\fonts moved successfully.
C:\Program Files\PokerStars.NET\Gx\ctrls moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\6 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\5 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\4 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\3 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\2 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\1 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\0 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\6 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\5 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\4 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\3 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\2 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\1 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\0 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\6 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\5 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\4 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\3 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\2 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\1 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\0 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\6 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\5 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\4 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\3 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\2 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\1 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\0 moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck moved successfully.
C:\Program Files\PokerStars.NET\Gx moved successfully.
C:\Program Files\PokerStars.NET moved successfully.

Created on 10/21/2007 02:05:12


I also accidentally pressed "Clean it" :s and it gave me this afterwards:


File/Folder C:\Program Files\wcyxcmzf not found.
File/Folder C:\Program Files\PokerStars.NET not found.

Created on 10/21/2007 02:07:23

On 21-10-2007 at 06:20 #

Hi there
OTmoveIt is fine.

Do a new Hijack scan.



21 years old.

On 21-10-2007 at 17:27 #

Hi to you too, Plus ;)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:26:22, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\voillon\Mes documents\Test.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {409AF909-76FA-9B47-8162-0A30D19978A1} - C:\Program Files\wcyxcmzf\kmwnzxcy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Anti-Hacker.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://88.191.51.249/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{216F7648-5F5D-411A-9589-CA33E5B938B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{216F7648-5F5D-411A-9589-CA33E5B938B4}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{216F7648-5F5D-411A-9589-CA33E5B938B4}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: hstsys - {0A480620-197C-44B6-B994-914E5F773307} - C:\WINDOWS\hstsys.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\WINDOWS\system32\agrsmsvc.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Virus\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10080 bytes

On 21-10-2007 at 17:32 #

hey sonado, so is that album a success?

launch Hijack and check

O21 - SSODL: hstsys - {0A480620-197C-44B6-B994-914E5F773307} - C:\WINDOWS\hstsys.dll (file missing)

fix checked

In Hijack
= Open the misc tools section
= Delete a file on reboot
= paste this bold text into the box: C:\WINDOWS\hstsys.dll
= ok

On 21-10-2007 at 17:32 #

run Hijack again
"Do A System Scan Only"

check these lines, then click FIX CHECKED


O2 - BHO: (no name) - {409AF909-76FA-9B47-8162-0A30D19978A1} - C:\Program Files\wcyxcmzf\kmwnzxcy.dll (file missing)

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)


O21 - SSODL: hstsys - {0A480620-197C-44B6-B994-914E5F773307} - C:\WINDOWS\hstsys.dll (file missing)

O24 - Desktop Component 0: Privacy Protection - (no file)

are you still having problems?
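The manual selection in the post above, reproduced as log triage in an added example that is not part of the thread: it parses HijackThis entry lines and lists those the tool marks "(file missing)" or "(no file)". The function names are invented for this example and the sample lines are copied from the log earlier in the thread; an orphaned entry is a candidate for review, not proof of infection.

```python
import re
from collections import namedtuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {409AF909-76FA-9B47-8162-0A30D19978A1} - C:\Program Files\wcyxcmzf\kmwnzxcy.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O21 - SSODL: hstsys - {0A480620-197C-44B6-B994-914E5F773307} - C:\WINDOWS\hstsys.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\WINDOWS\system32\agrsmsvc.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# What each section code in the sample refers to (HijackThis conventions).
SECTIONS = {
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "IE extra button / Tools item",
    "O21": "ShellServiceObjectDelayLoad",
    "O23": "Windows service",
    "O24": "Active Desktop component",
}

Entry = namedtuple("Entry", "section kind clsid target orphan")

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")


def parse_hijackthis(text):
    """Return one Entry per 'CODE - ...' line; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, rest = m.groups()
        orphan = ORPHAN_RE.search(rest) is not None
        body = ORPHAN_RE.sub("", rest)          # drop the trailing marker
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)             # drive-letter path, if any
        entries.append(Entry(section, SECTIONS.get(section, "other"),
                             clsid.group(0) if clsid else None,
                             path.group(0) if path else None, orphan))
    return entries


def orphaned(entries):
    """Entries whose registered file no longer exists: candidates for manual review."""
    return [e for e in entries if e.orphan]


if __name__ == "__main__":
    for e in orphaned(parse_hijackthis(SAMPLE_LOG)):
        print(f"{e.section:<4} {e.kind:<28} {e.clsid or '-':<40} {e.target or '-'}")
```

On the sample it reports six orphaned entries, including the R3 hook and the O23 service that were not among the lines selected for fixing in the thread.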



21 years old.

On 21-10-2007 at 18:23 #

Hi The Game :)

yes, my album has been downloaded more than 10,000 times so it's going well :) I'm not complaining!!! I did everything you told me.

Jacko, I did everything you told me except for the last one, the "O24": it won't delete, it comes back on every Hijack scan.

Also, instead of my wallpaper I have something like a browser; when I try to change the background ("Right-click, Properties") it tells me it's not the desktop but "Internet Explorer".


Added on 21-10-2007 at 18:30:


On 21-10-2007 at 18:37 #

Download to the desktop
SdFix
= Double-click SDFix.
= Click Install
------
= Restart in Safe Mode (startup may take several minutes)
Note: no Internet access in this mode. Save or print these instructions. Restart the PC and tap the F8 key (or F5, 2 or 4 on some machines) until the text with the startup options appears
With the arrow keys, select Safe Mode ==> Enter ==> usual user name
--------
= Double-click the new SDFix folder
= Double-click RunThis
= Press Y
= At the prompt ==> press a key to restart
= Restart (which will take longer, because cleaning is in progress)
Continue if an error message appears; in that case go straight to the report in SDFix
= Finished appears
= Press a key
= In SDFix, a report: Report.
= Copy/paste the report into your reply




21 years old.

On 21-10-2007 at 19:11 #


SDFix: Version 1.110

Run by Administrateur on 21/10/2007 at 18:56

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\hostctrl.dll - Deleted
C:\WINDOWS\nmcuninstall.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 1 Oct 2007 303,104 A..H. --- "C:\Valve\Condition Zero\Hypnotick Hook.dll"
Sat 28 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 27 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!



Added on 21-10-2007 at 19:14:

PS: When I turn on the PC, at the very start my desktop goes back to normal for 5 to 10 seconds, then it goes back to how it looks in the photo.

On 21-10-2007 at 19:22 #

we need to be sure the smitfraud infection has been cleaned

Download to the desktop
Smitfraudfix
= Double-click SmitfraudFix.zip
= Extract all
= Double-click SmitfraudFix
= Double-click SmitfraudFix.cmd
= Choose Option 1
= Save the report



21 years old.

On 21-10-2007 at 19:47 #

SmitFraudFix v2.240

Rapport fait à 19:47:01,42, 21/10/2007
Executé à partir de C:\Documents and Settings\voillon\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MICROA~1\SCURIT~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Micro Application\Sécurité Internet\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\voillon


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\voillon\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\voillon\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet PCI de base SiS 900 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{216F7648-5F5D-411A-9589-CA33E5B938B4}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{216F7648-5F5D-411A-9589-CA33E5B938B4}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{216F7648-5F5D-411A-9589-CA33E5B938B4}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Unless otherwise stated, the content of the blog and the forum is licensed under Creative Commons By-Sa. You may reproduce it provided that you credit the author, link to the original page, and share your derivative works under the same conditions.
