Forum Clubic

Msn et IE se ferme automatiquement

Bonjour
Depuis quelque jours, j ai un gros souci avec Internet Explorer et Msn live messenger.Quand je les lance ils se ferment automatiquement. J’ai lancé un scan de mon antivirus avast, un scan online (celui de norton), lancer spybot, rien d’anormal n’a été trouvé.
Je vous donne mes logs cré par Hijack. Merci de bien vouloir m’aider

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:16, on 29/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM…\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM…\Run: [VMware hqtray] “C:\Program Files\VMware\VMware Workstation\hqtray.exe”
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU…\Run: [VoipStunt] “C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” -nosplash -minimized
O4 - HKCU…\Run: [Voipwise] “C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe” -nosplash -minimized
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE…
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra ‘Tools’ menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com…
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - www.slide.com…
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com…
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com…
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - update.videoegg.com…
O17 - HKLM\System\CCS\Services\Tcpip…{A959F196-266B-4E23-A4C7-ED9FE92630EC}: NameServer = 192.168.0.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe


End of file - 8836 bytes

Logs avec Combofix

ComboFix 07-11-19.4C - yang 2007-11-29 11:39:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.144 [GMT 1:00]
Running from: C:\Documents and Settings\yang\Bureau\ComboFix.exe

  • Created a new restore point
    .

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch

.
((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-29 ))))))))))))))))))))))))))))))))))))
.

2007-11-29 11:05 d-------- C:\f09cfff8d0bb4ffb2f
2007-11-28 21:09 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-28 19:05 d-------- C:\Program Files\Panda Security
2007-11-28 18:57 d-------- C:\Program Files\Trend Micro
2007-11-27 19:32 d-------- C:\Program Files\Voipwise.com
2007-11-14 16:53 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-11-14 16:53 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-11-14 16:53 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-11-10 17:40 d-------- C:\bouulot

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 10:29 --------- d-----w C:\Documents and Settings\yang\Application Data\VMware
2007-11-29 10:28 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2007-11-29 10:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2007-11-28 15:24 --------- d-----w C:\Program Files\FlashGet
2007-11-27 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-27 18:35 --------- d–h--w C:\Program Files\InstallShield Installation Information
2007-11-27 18:34 --------- d-----w C:\Documents and Settings\yang\Application Data\Voipwise
2007-11-06 17:30 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-16 08:12 --------- d-----w C:\Documents and Settings\yang\Application Data\U3
2007-10-15 11:16 --------- d-----w C:\Program Files\WinSCP
2007-10-12 21:46 --------- d-----w C:\Program Files\BitComet
2007-10-05 18:02 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-10-05 18:01 --------- d-----w C:\Program Files\Auralog
2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-27 07:01 268 —ha-w C:\Program Files\sqmdata00.sqm
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-19 15:09]
“MsnMsgr”=“C:\Program Files\MSN Messenger\MsnMsgr.exe” [2007-01-19 12:55]
“SuperCopier2.exe”=“C:\Program Files\SuperCopier2\SuperCopier2.exe” [2006-07-07 17:45]
“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-04-03 23:29]
“VoipStunt”=“C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe” []
“Voipwise”=“C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe” [2007-09-06 11:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“SoundMan”=“SOUNDMAN.EXE” [2003-05-14 06:20 C:\WINDOWS\SOUNDMAN.EXE]
“ATIModeChange”=“Ati2mdxx.exe” [2001-09-04 09:24 C:\WINDOWS\system32\Ati2mdxx.exe]
“ATIPTA”=“C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2003-07-24 16:45]
“SynTPLpr”=“C:\Program Files\Synaptics\SynTP\SynTPLpr.exe” [2002-11-15 10:40]
“SynTPEnh”=“C:\Program Files\Synaptics\SynTP\SynTPEnh.exe” [2002-11-18 02:34]
“LManager”=“C:\PROGRA~1\LAUNCH~1\QtZpAcer.EXE” [2004-07-14 15:48]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2006-09-01 14:57]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 02:43]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 11:06]
“PWRISOVM.EXE”=“C:\Program Files\PowerISO\PWRISOVM.EXE” [2007-08-07 01:05]
“vmware-tray”=“C:\Program Files\VMware\VMware Workstation\vmware-tray.exe” [2007-05-01 21:52]
“VMware hqtray”=“C:\Program Files\VMware\VMware Workstation\hqtray.exe” [2007-05-01 21:52]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-19 15:09]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\12Voip]
C:\Program Files\12Voip.com\12Voip\12Voip.exe -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe /pause

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
C:\Program Files\Voipwise.com\Voipwise\Voipwise.exe -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2006-11-21 18:38 35328 --a------ C:\Program Files\Winamp\winampa.exe

R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver;??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
R3 vmkbd;VMware kbd;??\C:\WINDOWS\system32\drivers\VMkbd.sys
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;??\C:\WINDOWS\system32\NSNDIS5.SYS
S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys
S3 SjyPkt;SjyPkt;??\C:\WINDOWS\System32\Drivers\SjyPkt.sys
S3 ufad-ws60;VMware Agent Service;“C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe” -d “C:\Program Files\VMware\VMware Workstation\” -s ufad-p2v.xml

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

Newly Created Service - CATCHME
.


catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2007-11-29 11:41:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
Completion time: 2007-11-29 11:43:14
.
— E O F —

Bonsoir
J’ai regardé vite fait votre log HiJackThis, rien m’a l’air de suspect.
Le moyen le plus simple ça serait de changer vortre Anti-Virus. Si vous avez un autre PC avec internet, téléchargez AntiVir PE Classic, mettez-le sur un disque amovible (ex.:clé USB), désinstallez Avast! sur le PC infecté et installez AntiVir qui est gratuit et beaucoup plus efficace qu’Avast!. Faites un scan complet du disque dur, et supprimez ce qu’AntiVir trouve (ou mettez les fichiers infectés en quarantaine si vous n’êtes pas sûr).
Edité le 29/11/2007 à 18:52

regardre dans panneau de configuration - outils d’administration - journal des evenements .

et donne les messages d’erreurs correspondantes à ton prob.
a+

Merci je vais tester vos recommendations et je vous tiens au courant =P

Bonjour
Votre problème est-il réparé ???
MERCI DE REPONDRE CE QUI EST LA MOINDRE DES CHOSES !!!