Aller au contenu

logilan

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    11

  • Inscription

  • Dernière visite

logilan's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. logilan
    Merci pour tout !! Ça a été laborieux mais on y est arrivé Une petite question: Si j'avais eu un module résident, aurais je pu bloquer le malware avant l'infection ? Car tant AVG que SpyBot (scan post infection) n'ont rien pu faire et ont servi à rien contre le malware que j'ai choppé.
  2. logilan
    Non, je ne détecte aucun symptôme d'infection de mon côté. J'ai executé GMER et après le scan il indique qu'il n'a trouvé aucune modification du système. Et quand je vais Copier/Coller, il n'a aucune donnée a coller.
  3. logilan
    Ok. Voila le rapport HijackThis 2.02: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:06:24, on 12/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Creative\Video Converter\CtConvU.exe C:\PROGRA~1\Creative\SHARED~1\OpaQManU.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: BJ Status Monitor Canon i865.lnk = ? O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe -- End of file - 8817 bytes
  4. logilan
    Voici le nouveau rapport HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 17:43:16, on 12/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Creative\Video Converter\CtConvU.exe C:\PROGRA~1\Creative\SHARED~1\OpaQManU.exe C:\Documents and Settings\Administrateur\Bureau\hijackthis_sfx\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: BJ Status Monitor Canon i865.lnk = ? O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
  5. logilan
    Ça y est !! Après 62 heures ! J'ai eu du mal a supprimer LVPrcSrv.exe, car ma mère a qui j'avais dit d'ouvrir le Gestionnaire des Taches en avait ouvert plus de 50 et il m'a fallu des heures pour tous les fermer Le ComboFix a produit son rapport, ensuite l'écran est resté bleu mais j'ai redémarré et tout fonctionne. Me conseillez vous d'ajouter le résident TeaTimer de Spybot et/ou le firewall Look n'Stop pour compléter mon antivirus AVG et empêcher ce type d'infection? Je colle le rapport ComboFix: ComboFix 08-09-05.12 - Administrateur 2008-09-09 22:58:26.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.497 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\combo-fix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . ADS - system32: deleted 118856 bytes in 2 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\AutoRun.inf C:\WINDOWS\system32\csrcs.exe C:\WINDOWS\system32\ekrn.exe . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))))))) . 2008-09-09 20:58 . 2008-09-09 20:58 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Creative 2008-09-08 21:34 . 2008-09-08 21:34 0 -rahs---- C:\khq 2008-09-08 21:30 . 2008-09-09 17:42 619,483 --a------ C:\Documents and Settings\Administrateur\LiveUpdate.exe 2008-09-08 19:49 . 2008-09-08 19:54 <REP> d-------- C:\Program Files\PokerStars 2008-09-03 18:26 . 2008-09-03 18:26 <REP> d-------- C:\Program Files\Fichiers communs\Creative 2008-09-03 18:26 . 2008-09-03 18:27 <REP> d--h----- C:\Program Files\Creative Installation Information 2008-09-03 18:26 . 2008-09-03 18:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Creative 2008-09-03 18:22 . 2008-09-03 18:22 <REP> d-------- C:\Program Files\Windows Media Connect 2 2008-09-03 17:40 . 2008-09-03 18:27 <REP> d-------- C:\Program Files\Creative 2008-09-03 00:33 . 2006-08-17 08:11 18,804,736 --a------ C:\WINDOWS\system32\alsndmgr.cpl 2008-09-03 00:33 . 2006-08-10 07:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe 2008-09-03 00:33 . 2006-08-18 13:52 4,017,536 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys 2008-09-03 00:33 . 2006-08-03 05:12 577,536 --a------ C:\WINDOWS\soundman.exe 2008-09-03 00:33 . 2006-08-01 14:58 143,360 --a------ C:\WINDOWS\system32\RtlCPAPI.dll 2008-09-03 00:33 . 2002-02-05 13:54 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav 2008-09-03 00:33 . 2006-08-01 15:02 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe 2008-09-03 00:31 . 2008-09-03 00:31 <REP> d-------- C:\Program Files\Realtek Sound Manager 2008-09-03 00:31 . 2008-09-03 00:31 <REP> d-------- C:\Program Files\Realtek AC97 2008-09-03 00:31 . 2008-09-03 00:31 <REP> d-------- C:\Program Files\AvRack 2008-09-03 00:31 . 2006-07-31 11:19 315,392 --a------ C:\WINDOWS\alcupd.exe 2008-09-03 00:31 . 2006-07-31 11:27 217,088 --a------ C:\WINDOWS\alcrmv.exe 2008-09-03 00:31 . 2001-07-06 00:19 164 --a------ C:\WINDOWS\avrack.ini 2008-09-03 00:18 . 2005-08-18 16:52 289,792 --a------ C:\WINDOWS\system32\idecoi.dll 2008-09-03 00:18 . 2005-08-18 16:52 93,568 --a------ C:\WINDOWS\system32\drivers\nvata.sys 2008-09-03 00:17 . 2008-09-03 00:17 <REP> d-------- C:\WINDOWS\NV11361720.TMP 2008-09-03 00:17 . 2008-03-25 11:47 200,704 --a------ C:\WINDOWS\system32\fdco1ins.dll 2008-09-03 00:17 . 2008-04-13 19:09 68,608 --a------ C:\WINDOWS\system32\drivers\pci.sys 2008-09-03 00:17 . 2008-03-25 11:46 9,216 --a------ C:\WINDOWS\system32\bdco1ins.dll 2008-09-03 00:05 . 2005-08-18 16:52 289,792 --a------ C:\WINDOWS\system32\idecoins.dll 2008-09-03 00:05 . 2006-01-23 11:48 176,128 --------- C:\WINDOWS\system32\nvuide.exe 2008-09-03 00:05 . 2005-08-03 13:52 33,280 --a------ C:\WINDOWS\system32\NVCOI.DLL 2008-09-03 00:05 . 2005-06-29 23:26 1,537 --------- C:\WINDOWS\system32\nvide.nvu 2008-09-02 11:19 . 2008-09-02 11:19 <REP> d-------- C:\WINDOWS\system32\LogFiles 2008-09-02 11:19 . 2008-09-03 18:30 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF 2008-09-02 11:17 . 2008-09-02 11:17 <REP> d-------- C:\Program Files\WMSDK 2008-09-02 01:30 . 2001-11-23 12:08 712,704 --a------ C:\WINDOWS\system\a3d.dll 2008-09-02 01:29 . 2008-03-03 18:25 1,405,632 --a------ C:\WINDOWS\system32\drivers\cmudax3.sys 2008-09-02 00:31 . 2008-09-02 00:31 <REP> d-------- C:\Program Files\C-Media 2008-09-02 00:31 . 2002-07-12 16:33 1,581,056 --a------ C:\WINDOWS\mixer.exe 2008-09-02 00:31 . 2000-10-20 18:28 765,952 --a------ C:\WINDOWS\system\crlds3d.dll 2008-09-02 00:31 . 2001-11-23 12:08 712,704 --a------ C:\WINDOWS\system32\Audio3D.dll 2008-09-02 00:31 . 2002-07-16 10:58 379,726 --a------ C:\WINDOWS\system32\drivers\cmaudio.sys 2008-09-02 00:31 . 2002-07-11 11:24 139,264 --a------ C:\WINDOWS\cmuninst.exe 2008-09-02 00:31 . 2008-09-02 00:33 36,932 --a------ C:\WINDOWS\cmijack.dat 2008-09-02 00:31 . 2002-03-29 14:52 32,768 --a------ C:\WINDOWS\system32\cmnprop.dll 2008-09-02 00:31 . 2002-07-16 20:33 20,333 --a------ C:\WINDOWS\cmaudio.dat 2008-09-01 23:17 . 2008-09-01 23:17 <REP> d-------- C:\Program Files\Lavalys 2008-09-01 22:55 . 2008-04-13 11:46 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2008-09-01 22:55 . 2008-04-13 11:46 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys 2008-09-01 19:59 . 2008-04-13 11:46 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2008-09-01 19:59 . 2008-04-13 11:46 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys 2008-09-01 19:59 . 2008-04-13 11:39 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2008-09-01 19:59 . 2008-04-13 11:39 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys 2008-09-01 19:58 . 2008-04-13 11:46 85,248 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2008-09-01 19:58 . 2008-04-13 11:46 85,248 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys 2008-09-01 19:58 . 2008-04-13 11:46 19,200 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2008-09-01 19:58 . 2008-04-13 11:46 19,200 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys 2008-09-01 19:58 . 2008-04-13 19:34 16,384 --a------ C:\WINDOWS\system32\ipsink.ax 2008-09-01 19:58 . 2008-04-13 19:34 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax 2008-09-01 19:58 . 2008-04-13 11:46 15,232 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2008-09-01 19:58 . 2008-04-13 11:46 15,232 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys 2008-09-01 19:57 . 2008-04-13 11:46 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2008-09-01 19:57 . 2008-04-13 11:46 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys 2008-09-01 18:44 . 2007-02-26 20:30 36,864 --a------ C:\WINDOWS\system32\cmudax3.DLL 2008-09-01 18:26 . 2008-04-13 11:45 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys 2008-09-01 18:26 . 2008-04-13 11:45 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys 2008-09-01 18:25 . 2008-09-02 00:41 25 --a------ C:\WINDOWS\mixerdef.ini 2008-09-01 11:07 . 2006-04-03 16:41 28,064 --a------ C:\WINDOWS\system32\ADPDF8.PPD 2008-08-31 22:24 . 2008-09-02 00:26 <REP> d-------- C:\Program Files\Acro Software 2008-08-31 22:04 . 2008-08-31 22:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-08-31 21:55 . 2008-08-31 21:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-31 21:54 . 2008-08-31 21:54 <REP> d-------- C:\Program Files\K-Lite Codec Pack 2008-08-31 21:52 . 2008-09-04 10:57 1,035,835 --a------ C:\WINDOWS\setupapi.log.3.old 2008-08-31 19:18 . 2008-09-01 00:10 <REP> d-------- C:\Program Files\SopCast 2008-08-31 15:41 . 2008-08-31 15:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision 2008-08-31 15:40 . 2008-08-31 15:40 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia Shared 2008-08-31 15:24 . 2008-08-31 15:40 <REP> d-------- C:\Program Files\Macromedia 2008-08-31 15:24 . 2008-08-31 15:26 <REP> d-------- C:\Program Files\Fichiers communs\Macromedia 2008-08-31 12:19 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-08-31 12:19 . 2008-04-13 11:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys 2008-08-30 17:52 . 2008-08-30 17:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\VoipStunt 2008-08-30 17:51 . 2008-08-30 17:51 <REP> d-------- C:\Program Files\VoipStunt.com 2008-08-29 18:21 . 2008-06-04 16:29 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-08-29 18:21 . 2006-01-23 11:48 176,128 --a------ C:\WINDOWS\system32\nvusmb.exe 2008-08-29 18:21 . 2005-02-08 14:26 1,231 --a------ C:\WINDOWS\system32\nvsmb.nvu 2008-08-29 16:55 . 2008-08-29 16:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-29 16:55 . 2008-09-09 17:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-29 16:47 . 2008-08-29 16:47 <REP> d-------- C:\Program Files\CCleaner 2008-08-29 16:35 . 2008-08-29 16:35 <REP> d-------- C:\Program Files\uTorrent 2008-08-29 16:09 . 2008-08-29 16:35 <REP> d-------- C:\WINDOWS\LastGood(3) 2008-08-29 16:09 . 2008-08-29 16:09 <REP> d-------- C:\Program Files\Fichiers communs\NVIDIA Shared 2008-08-29 16:09 . 2008-04-13 19:34 23,552 --a------ C:\WINDOWS\system32\wdmaud(9).drv 2008-08-29 16:09 . 2008-04-13 19:34 23,552 --a------ C:\WINDOWS\system32\wdmaud(.drv 2008-08-29 16:09 . 2008-04-13 19:34 23,552 --a------ C:\WINDOWS\system32\wdmaud(7).drv 2008-08-29 16:09 . 2008-04-13 19:34 23,552 --a------ C:\WINDOWS\system32\wdmaud(11).drv 2008-08-29 16:09 . 2008-04-13 19:34 23,552 --a------ C:\WINDOWS\system32\wdmaud(10).drv 2008-08-29 15:11 . 2008-08-29 16:37 <REP> d-------- C:\WINDOWS\system32\URTTemp 2008-08-29 15:09 . 2007-12-21 04:35 3,107,788 --a------ C:\WINDOWS\system32\ativvaxx.dat 2008-08-29 15:09 . 2007-12-21 04:35 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-08-29 15:09 . 2007-12-21 04:35 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-08-29 15:09 . 2007-11-20 10:23 11,874 --a------ C:\WINDOWS\atiogl.xml 2008-08-29 15:09 . 2007-08-31 16:20 7,167 --a------ C:\WINDOWS\system32\atifglpf.xml 2008-08-29 15:09 . 2008-08-29 15:01 0 --a------ C:\WINDOWS\system32\atiicdxx.dat 2008-08-29 12:46 . 2008-08-29 12:46 <REP> d-------- C:\WINDOWS\system32\Lang 2008-08-29 12:46 . 2008-08-29 12:46 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav 2008-08-29 12:46 . 2008-08-29 12:46 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav 2008-08-29 12:38 . 2008-09-09 23:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-29 12:32 . 2008-08-29 18:16 <REP> d-------- C:\Program Files\NVIDIA 2008-08-29 12:22 . 2008-08-29 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield 2008-08-29 12:01 . 2008-04-13 12:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2008-08-29 12:01 . 2008-04-13 12:17 83,072 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys 2008-08-29 12:01 . 2008-04-13 11:39 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2008-08-29 12:01 . 2008-04-13 11:39 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys 2008-08-29 12:01 . 2008-04-13 11:39 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2008-08-29 12:01 . 2008-04-13 11:39 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys 2008-08-29 12:01 . 2008-04-13 11:39 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2008-08-29 12:01 . 2008-04-13 11:39 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys 2008-08-29 11:59 . 2008-04-13 11:45 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2008-08-29 11:59 . 2008-04-13 11:45 2,944 --a--c--- C:\WINDOWS\system32\dllcache\drmkaud.sys 2008-08-29 11:58 . 2008-04-13 09:39 142,592 --a------ C:\WINDOWS\system32\drivers\aec.sys 2008-08-29 11:58 . 2008-04-13 09:39 142,592 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys 2008-08-29 11:58 . 2008-04-13 11:45 56,576 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2008-08-29 11:58 . 2008-04-13 11:45 56,576 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys 2008-08-29 11:58 . 2008-04-13 11:45 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2008-08-29 11:58 . 2008-04-13 11:45 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-10 11:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2008-09-10 06:33 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7 2008-09-03 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-02 09:24 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon 2008-09-01 22:14 --------- d-----w C:\Program Files\LogMeIn 2008-09-01 18:25 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype 2008-09-01 18:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\skypePM 2008-09-01 17:57 --------- d-----w C:\Program Files\Fichiers communs\logishrd 2008-09-01 17:50 --------- d-----w C:\Program Files\Logitech 2008-08-29 16:09 --------- d-----w C:\Program Files\Google 2008-08-29 10:17 --------- d-----w C:\Program Files\ma-config.com 2008-08-29 10:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\ma-config.com 2008-08-14 09:14 --------- d-----w C:\Program Files\eMule 2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\SET7E.tmp 2008-08-01 04:58 253,952 ----a-w C:\WINDOWS\system32\SET61.tmp 2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\SET6C.tmp 2008-08-01 04:32 311,296 ----a-w C:\WINDOWS\system32\SET2F.tmp 2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\SET78.tmp 2008-08-01 04:23 184,320 ----a-w C:\WINDOWS\system32\SET52.tmp 2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\SET7A.tmp 2008-08-01 04:22 43,520 ----a-w C:\WINDOWS\system32\SET58.tmp 2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\SET76.tmp 2008-08-01 04:22 143,360 ----a-w C:\WINDOWS\system32\SET4F.tmp 2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\SET74.tmp 2008-08-01 04:21 573,440 ----a-w C:\WINDOWS\system32\SET4C.tmp 2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\SET70.tmp 2008-08-01 04:10 3,917,568 ----a-w C:\WINDOWS\system32\SET38.tmp 2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\SET72.tmp 2008-08-01 03:59 2,183,552 ----a-w C:\WINDOWS\system32\SET3B.tmp 2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\SET7C.tmp 2008-08-01 03:42 376,832 ----a-w C:\WINDOWS\system32\SET5B.tmp 2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\SET6E.tmp 2008-08-01 03:34 561,152 ----a-w C:\WINDOWS\system32\SET32.tmp 2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:10 670,208 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2008-01-13 19:35 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2003-06-13 05:00 12,800 ----a-w C:\Documents and Settings\Administrateur\cnmss Canon i865 (Local).exe 2007-08-09 12:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll 2007-08-09 12:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 579584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Docteur Club Internet.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Docteur Club Internet.lnk backup=C:\WINDOWS\pss\Docteur Club Internet.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LUMIX Simple Viewer.lnk backup=C:\WINDOWS\pss\LUMIX Simple Viewer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-09-20 16:35 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD] --a------ 2003-01-27 18:16 376912 C:\Program Files\BroadJump\Client Foundation\CFD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV] --a------ 2007-04-26 15:50 24576 C:\Program Files\Gigabyte\ET5\ETcall.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] --a------ 2006-06-26 09:46 497200 C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon] --a------ 2006-06-26 10:34 614960 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI] --a------ 2007-08-03 16:09 63048 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] --a------ 2006-06-26 11:33 243248 C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2] --a------ 2003-05-08 13:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-01-24 15:22 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-01-15 21:18 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer] --a------ 2002-07-12 16:33 1581056 C:\WINDOWS\mixer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LogMeIn"=2 (0x2) "LMIMaint"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"= "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "23308:TCP"= 23308:TCP:BitComet 23308 TCP "23308:UDP"= 23308:UDP:BitComet 23308 UDP "1766:TCP"= 1766:TCP:eMule TCP "1766:UDP"= 1766:UDP:eMule UDP [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 *Newly Created Service* - PROCEXP90 *Newly Created Service* - PSEXESVC [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3A5656F7-2047-E7E4-018D-FD278FC908BD}] C:\WINDOWS\system32:Explore.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{97EF828F-0B7F-0DA2-015F-9B0D73A4553E}] C:\WINDOWS\system32:dvds.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D8G7TJ0G-7D8B-1H3I-3R6J-8GJ48CMH9DF7}] C:\WINDOWS\system32\ekrn.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-NOD32 - C:\WINDOWS\system32\ekrn.exe HKLM-Run-DVD - C:\WINDOWS\system32:dvds.exe HKLM-Explorer_Run-csrcs - C:\WINDOWS\system32\csrcs.exe Notify-WgaLogon - (no file) MSConfigStartUp-NOD32 - C:\WINDOWS\system32\ekrn.exe MSConfigStartUp-CmPCIaudio - CMICNFG3.cpl . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\woow0n8y.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.yahoo.com/ FF -: plugin - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\woow0n8y.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1172.2021\npCIDetect11.dll FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-11 02:20:57 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DVD = C:\WINDOWS\system32:dvds.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-12 3:27:14 ComboFix-quarantined-files.txt 2008-09-12 00:08:45 Pre-Run: 20,998,856,704 octets libres Post-Run: 21,115,736,064 octets libres 332 --- E O F --- 2008-09-04 09:02:37
  6. logilan
    Bonjour, Le programme Combo Fix n'a toujours pas terminé de s'executer. Il affiche maintenant les 3 lignes suivantes: Compte-rendu en cours de préparation Ne lancez aucun programme tant que que ComboFix n'est pas fini temp07Le fichier spécifié est introuvable Quand les 2 premieres lignes sont apparus hier soir, je pensais en etre arrivé au bout. Mais la 3eme ligne est apparue il y a quelques heures et là je ne sais plus si le programme est bloqué ou pas. Dans le gestionnaire des taches, depuis le debut, il y a une tache qui prend 99% du CPU: LVPrcSrv.exe Est ce une tache de ComboFix, cela signifierait qu'il continue a travailler. Que me conseillez vous de faire maintenant ? Ca fait 41 heures que ComboFix s'execute maintenant...
  7. logilan
    J'ai telechargé a partir du lien et je l'ai bien renommé et mis sur le bureau. J'ai bien suivi les instructions. Sauf que j'avais oublié de fermer le utorrent et je l'ai fait bien plus tard.e Je sais pas si ca peut avoir poser probleme. Au moins ca avance, mais tres lentement. Je vous tiens au courant quand ca termine.
  8. logilan
    Bonjour, J'ai executé hier le combofix. Il mettait que ca durerait plus ou moins 10 minutes mais il n'a toujours pas fini apres 17h... Il en est a l'etape 37. A l'etape 10, il a supprimé le fichier en question: edrn.exe Combien d'etapes il y a t il en tout? Faut il que j'attende jusqu'au final ou est il possible de l'arreter maintenant car je ne peux pas utiliser l'ordinateur pendant ce temps. Merci pour votre reponse.
  9. logilan
    Bonsoir, Depuis ce matin, j'ai un message qui s'apparait au demarrage de Windows. C:\Windows\System32\ekrn.exe n'est pas une application Win32 valide J'ai lu que c'est un malware qui prend le nom de l'executable de l'antivirus ESET. En plus mon antivirus AVG a detecté un cheval de troie: bigfish. J'ai executé Spybot et il m'a detecté des malwares et les a corrigé. Mais le problème persiste. J'ai aussi essayé de supprimer ekrn de msconfig mais il reapparait. Voici mon log de hijack: Logfile of HijackThis v1.99.1 Scan saved at 17:53:18, on 09/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\csrcs.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Administrateur\Bureau\hijackthis_sfx\Hija ckThis.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\net.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\s wg.dll O2 - BHO: (no name) - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [DVD] C:\WINDOWS\system32:dvds.exe O4 - HKLM\..\RunOnce: [*NOD32] C:\WINDOWS\system32\ekrn.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [NOD32] C:\WINDOWS\system32\ekrn.exe O4 - Startup: BJ Status Monitor Canon i865.lnk = ? O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe Merci beaucoup pour l'aide.
  10. logilan
    Bonjour à tous, Sur le PC de mes parents est apparu il y a une semaine un écran bleu au démarrage à cause d'un conflit matériel et leur demandant de mettre à jour le Bios entre autres. Ce problème a été résolu en déconnectant le routeur du PC. Et pour essayer de le résoudre je pense qu'il faudrait mettre à jour le pilote de celui-ci, cependant maintenant nous ne pouvons pas accéder au panneau de configuration, ni aux gestionnaires de périphériques à cause de restrictions administrateur, et évidemment non plus à Internet... Toutes les 5 minutes apparait le message suivant qui d'après ce que j'ai lu expliquerait le problème des restrictions: Warning ! Potential spyware operation ! Your computer is making unauthorized copy of your system and internet files Run full scan now to prevent any unauthorized access to your files ! Click yes to download spyware remove On a passé Adware et SmitFraudFix qui ont trouvé et supprimé des choses comme un Win32 Trojan. Mais le problème persiste. Voici le rapport HiJack: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:57:05, on 25/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\proper.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\spoolc.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe C:\Program Files\Philips\VOIP321\VOIP321.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Administrateur\Local Settings\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/navig/lanceur/item9.phtml R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {2c7a2abc-b719-4679-a55d-02522d1e771c} - C:\WINDOWS\system32\dbgn32.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {D27987B8-7244-4DE0-AE10-39B826B492F1} - C:\WINDOWS\system32\bronto.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [adiras] adiras.exe O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer O4 - HKLM\..\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [NetService] C:\DOCUME~1\Administrateur\Local Settings\Temp\tmp10.tmp.exe /run O4 - HKLM\..\Run: [winehq.org] rundll32.exe "C:\WINDOWS\efcdda.dll",realset O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolc.exe O4 - HKLM\..\Run: [undefined] C:\WINDOWS\system32\winter.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [undefined] C:\WINDOWS\system32\winter.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Startup: infos.exe O4 - Global Startup: autos.exe O4 - Global Startup: LUMIX Simple Viewer.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: VOIP321.lnk = C:\Program Files\Philips\VOIP321\VOIP321.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e95e2ca8d5ea49df88c81280cde795f6 O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e95e2ca8d5ea49df88c81280cde795f6 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O18 - Protocol: bw+0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {C5301999-DF44-4F7A-94BF-B0389BFE7A0C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\sol629.txt O20 - Winlogon Notify: dbgn32 - dbgn32.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: DomainService - Unknown owner - C:\DOCUME~1\Administrateur\Local Settings\Temp\tmp1C.tmp.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_0.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\Symantec Shared\Script Blocking\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 23876 bytes Merci d'avance pour l'aide.
  11. logilan
    Bonjour, Je suis infecté par le virus hacktool.rootkit. Norton me le signale au demarrage mais ne peut pas le réparer. Le fichier infecté est windows/system32/orans.sys mais impossible de le trouver sur le disque, j'ai pourtant demandé d'afficher tous les fichiers cachés et systèmes. Merci de m'aider pour m'en débarasser. Voici mon rapport hijackthis: Logfile of HijackThis v1.99.1 Scan saved at 12:00:23, on 07/09/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\rmctrl.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\System32\wuamk032.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cmd.exe C:\WINDOWS\System32\ms-dos.pif C:\Program Files\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [Microsoft Update] wuamk032.exe O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [MS-DOS Security Service] ms-dos.pif O4 - HKLM\..\RunServices: [Microsoft Update] wuamk032.exe O4 - HKLM\..\RunServices: [MS-DOS Security Service] ms-dos.pif O4 - HKCU\..\Run: [MS-DOS Security Service] ms-dos.pif O4 - HKCU\..\RunServices: [MS-DOS Security Service] ms-dos.pif O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: officejet 6100.lnk = ? O4 - Global Startup: Pinnacle Scheduler.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: netinfo - Unknown owner - C:\WINDOWS\netinfo.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
×
×
  • Créer...