barbeapoux
-
Compteur de contenus
5 -
Inscription
-
Dernière visite
barbeapoux's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Etude de Log Hijackthis svp
barbeapoux a répondu à un(e) sujet de barbeapoux dans Analyses et éradication malwares
Voilà j'ai enlever les 2 antivirus qu'il me restait je crois voici le nouveau log: Logfile of HijackThis v1.99.1 Scan saved at 14:14:05, on 09.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AlienGUIse\wbload.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\Explorer.exe C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Anti virus\hijackthis\hijackthis\HijackThis.exe C:\Program Files\FireFox\firefox.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [RaConfig2500.EXE] RaConfig2500.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQ\ICQ\ICQLite.exe -minimize O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartTrayApp.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: RegFreeze.lnk = C:\Program Files\Anti virus\RegSeeker\RegFreeze\regfreeze.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Creative\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: (no name) - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - (no file) (HKCU) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RW1tYW51ZWwgUGlndWV0\command.exe (file missing) O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing) O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe -
Etude de Log Hijackthis svp
barbeapoux a répondu à un(e) sujet de barbeapoux dans Analyses et éradication malwares
Merci pour votre aide ca va tout de suite mieu (j'aurais appris plein de trucs dans cette histoire au moins..) j'ai de nouveau acces au processus du system jai plus de pop up et je doit plus attendre 1/4 d'heure pour ouvrir un menu contextuel avec le clic droit ! voici le log hijackthis apres utilisation de LQfix Logfile of HijackThis v1.99.1 Scan saved at 20:47:24, on 08.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\Explorer.exe C:\Program Files\FireFox\firefox.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe C:\Program Files\Anti virus\hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [infoPenMSN] C:\Program Files\InfoKing\InfoPenMSN\Viewer\InfoPenIM.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [RaConfig2500.EXE] RaConfig2500.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQ\ICQ\ICQLite.exe -minimize O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - Startup: RegFreeze.lnk = C:\Program Files\Anti virus\RegSeeker\RegFreeze\regfreeze.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Creative\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: (no name) - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RW1tYW51ZWwgUGlndWV0\command.exe (file missing) O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe Je vai desinstaller les anti virus de trop aussi de ce pas -
Etude de Log Hijackthis svp
barbeapoux a répondu à un(e) sujet de barbeapoux dans Analyses et éradication malwares
voilà le log effectué apres analyse d'anti vir en mode ss echec. (je l'avais deja fait mais pas conserver....) J'avais oublier de préciser que l'autre problème majeur est que je n'ai plus acces au processus "System" dans le gestionnaire des taches. (j'ai cru comprendre que c'était un ce virus colevo mais j'ai enlever son command.exe et je ne sais pas comment modifier les key qu'il a changer...) Merci ! Logfile of HijackThis v1.99.1 Scan saved at 20:00:31, on 08.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Anti virus\hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [infoPenMSN] C:\Program Files\InfoKing\InfoPenMSN\Viewer\InfoPenIM.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [RaConfig2500.EXE] RaConfig2500.EXE O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQ\ICQ\ICQLite.exe -minimize O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepcl32.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQ\ICQ\ICQLite.exe -trayboot O4 - Startup: RegFreeze.lnk = C:\Program Files\Anti virus\RegSeeker\RegFreeze\regfreeze.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Creative\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: (no name) - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\lvr6099se.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\Anti virus\AntiVir\AVGUARD.EXE O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Anti virus\Avast\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Anti virus\Avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Anti virus\Avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Anti virus\Avast\ashWebSv.exe" /service (file missing) O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\Anti virus\AntiVir\AVWUPSRV.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RW1tYW51ZWwgUGlndWV0\command.exe (file missing) O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe -
Etude de Log Hijackthis svp
barbeapoux a répondu à un(e) sujet de barbeapoux dans Analyses et éradication malwares
(je voulais juste ajouter que je connais un chouilla seulement dans Hijackthis et que je l'ai ai quand même toute traitée en regardant a quoi ça correspondait, mais le problème c'est surtout que j'ai beau supprimer les trucs ils reviennent immanquablement... [c'est le ver W32/colevo je crois le gros problème...] donc voilà...) -
Bonjour tlm =) merci pour votre site ca fais mnt quelque temps que je me ballade dessus pour résoudre mes problèmes mais il réside encore quelque trucs... J'ai supprimer tout ce que je pouvais, lancer des antivirus a n'en plus pouvoir en mode sans echec mais mon ordi est encore considérablement ralenti et de foutu pop-up débil déboulent encore... je vous met ci-dessous mes logs (je savais pas si fallais les mettres en mode ss echec ou pas, je vous les ai mises en mode normal mais si vous les voulez autrement dites moi...) Logfile of HijackThis v1.99.1 Scan saved at 16:47:14, on 08.11.2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Anti virus\AntiVir\AVGUARD.EXE C:\Program Files\Anti virus\Avast\aswUpdSv.exe C:\WINDOWS\System32\taskmgr.exe C:\Program Files\Anti virus\Avast\ashServ.exe C:\WINDOWS\System32\00THotkey.exe C:\Program Files\Anti virus\AntiVir\AVWUPSRV.EXE C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe c:\program files\mcafee.com\shared\mghtml.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\HPHipm11.exe C:\Program Files\Anti virus\Avast\ashMaiSv.exe C:\Program Files\Anti virus\Avast\ashWebSv.exe C:\Program Files\FireFox\firefox.exe C:\Program Files\Spy bot\SpybotSD.exe c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Anti virus\hijackthis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ\ICQToolbar\toolbaru.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [infoPenMSN] C:\Program Files\InfoKing\InfoPenMSN\Viewer\InfoPenIM.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [RaConfig2500.EXE] RaConfig2500.EXE O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\Anti virus\AntiVir\AVGNT.EXE" /min O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Fichiers communs\Nokia\NCLTools\NclTray.exe O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQ\ICQ\ICQLite.exe -minimize O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\Avast\ashDisp.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitepcl32.exe O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartTrayApp.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQ\ICQ\ICQLite.exe -trayboot O4 - Startup: RegFreeze.lnk = C:\Program Files\Anti virus\RegSeeker\RegFreeze\regfreeze.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQ\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Creative\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra button: (no name) - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (file missing) (HKCU) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll O20 - Winlogon Notify: OemStartMenuData - C:\WINDOWS\system32\q0rqla951d.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\Anti virus\AntiVir\AVGUARD.EXE O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Anti virus\Avast\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Anti virus\Avast\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Anti virus\Avast\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Anti virus\Avast\ashWebSv.exe" /service (file missing) O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\Anti virus\AntiVir\AVWUPSRV.EXE O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Creative\Bluetooth Software\bin\btwdins.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RW1tYW51ZWwgUGlndWV0\command.exe (file missing) O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Anti virus\Symantec\Norton Ghost\GhostStartService.exe O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe En esperant que vous y trouvier quelque chose qui pourrais m'être util je vous remercie d'avance de votre aide =) Merci à bientôt!