Moun
-
Compteur de contenus
9 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par Moun
-
No Probleme; j'y vais de ce pas Bonne soirée
-
Merci bcp Vous etes des pro. @ + Malekal_Morte
-
Les fichiers ont bien été supprimés comme indiqué dans le precedent message. Ainsi que !Killbox
-
Bonjour, Encore merci pour ton aide: Voici le rapport de PANDA: Incident Status Location Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winogk32.dll Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\mbader\Cookies\mbader@ad.yieldmanager[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mbader\Cookies\mbader@atdmt[2].txt Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\mbader\Cookies\mbader@burstnet[2].txt Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\mbader\Cookies\mbader@tradedoubler[1].txt Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\mbader\Cookies\mbader@weborama[2].txt Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\mbader\Cookies\mbader@xiti[1].txt Adware:adware/securityerror Not disinfected C:\Documents and Settings\mbader\Favoris\Antivirus Test Online.url Potentially unwanted tool:Application/Pskill.K Not disinfected D:\Perso\Antispyware\clean.zip[clean/pskill.exe] Potentially unwanted tool:Application/Processor Not disinfected D:\Perso\Antispyware\SmitfraudFix.zip[smitfraudFix/Process.exe] ...................................................
-
VundoFix V5.1.7 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Sun Java not detected Scan started at 17:16:01 08/08/2006 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... The process smss.exe was successfully stopped The process winlogon.exe was successfully stopped The process explorer.exe was successfully stopped The process iexplore.exe was successfully stopped The process rundll32.exe was successfully stopped Attempting to delete C:\WINDOWS\system32\cbaww.dll C:\WINDOWS\system32\cbaww.dll Has been deleted! Performing Repairs to the registry. Done! ............................................................. Logfile of HijackThis v1.99.1 Scan saved at 17:29:27, on 08/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\RegSrvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Fichiers communs\{4085C36C-063E-1036-1029-040410060021}\Update.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\DameWare Development\DameWare NT Utilities\DWRCC.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Documents\Scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.laposte.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Laposte R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2514D525-C4C5-4182-A405-EEC5530462C4} - C:\WINDOWS\system32\cbaww.dll (file missing) O2 - BHO: (no name) - {52E1D86E-390B-49CD-907E-6F853BAC0900} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr O15 - Trusted Zone: http://*.laposte.com'>http://*.laposte.com O15 - Trusted Zone: http://*.laposte.com (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114783943815 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gestrim.fr O17 - HKLM\Software\..\Telephony: DomainName = laposte.fr O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laposte.fr O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = laposte.fr O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winogk32 - winogk32.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing) ......................................
-
Logfile of HijackThis v1.99.1 Scan saved at 16:55:59, on 08/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\RegSrvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\{4085C36C-063E-1036-1029-040410060021}\Update.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\iexplore.exe D:\Documents\Scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.laposte.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par laposte R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2514D525-C4C5-4182-A405-EEC5530462C4} - C:\WINDOWS\system32\cbaww.dll O2 - BHO: (no name) - {52E1D86E-390B-49CD-907E-6F853BAC0900} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr O15 - Trusted Zone: http://*.laposte.com'>http://*.laposte.com O15 - Trusted Zone: http://*.laposte.com (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114783943815 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laposte.fr O17 - HKLM\Software\..\Telephony: DomainName = laposte.fr O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laposte.fr O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = laposte.fr O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: cbaww - C:\WINDOWS\system32\cbaww.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winogk32 - winogk32.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
-
Toutes les manipulations ont été faites et tout a bien fonctionné. Voici les rapports demandés: VundoFix V5.1.7 Running as SYSTEM from c:\windows\system32\VundoFix.exe Checking Java version... Sun Java not detected Scan started at 15:56:10 08/08/2006 Listing files found while scanning.... No infected files were found. Beginning removal... .................................. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 15:28:38 08/08/2006 + Scan result: C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined). C:\Documents and Settings\mbader\Cookies\mbader@weborama[2].txt -> TrackingCookie.Weborama : Cleaned with backup (quarantined). ::Report end ................................................................. Script clean par Malekal_morte - http://www.malekal.com *** SUPPRESSION DES FICHIERS *** Suppressions de trojans/vers sur... C:\WINDOWS\system32\cool.exe FOUND C:\WINDOWS\system32\SpoonUninstall.exe FOUND *** Suppressions des adware connus... ....................................................................... Logfile of HijackThis v1.99.1 Scan saved at 16:16:08, on 08/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\RegSrvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\{4085C36C-063E-1036-1029-040410060021}\Update.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\Documents\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gestrim.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Laposte R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr O15 - Trusted Zone: http://*.laposte.com'>http://*.laposte.com O15 - Trusted Zone: http://*.laposte.com (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114783943815 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laposte.fr O17 - HKLM\Software\..\Telephony: DomainName = laposte.fr O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laposte.fr O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = laposte.fr O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing) ............................................. Merci pour tout.
-
C:\WINDOWS\System32\wwabc.ini -->08/08/2006 12:00:05 C:\WINDOWS\System32\cool.exe -->08/08/2006 11:45:12 C:\WINDOWS\System32\wpa.dbl -->08/08/2006 11:00:18 C:\WINDOWS\System32\wwabc.bak1 -->08/08/2006 10:44:19 C:\WINDOWS\System32\Uninstall.ico -->08/08/2006 10:38:02 C:\WINDOWS\System32\pavas.ico -->08/08/2006 10:38:02 C:\WINDOWS\System32\Help.ico -->08/08/2006 10:38:02 C:\WINDOWS\System32\asfiles.txt -->08/08/2006 09:24:34 C:\WINDOWS\System32\cbaww.dll -->07/08/2006 17:22:49 C:\WINDOWS\System32\jkkiihg.dll -->07/08/2006 17:03:25 C:\WINDOWS\System32\winogk32.dll -->07/08/2006 17:03:16 C:\WINDOWS\System32\EGATHDRV.SYS -->07/08/2006 15:37:20 C:\WINDOWS\System32\SpoonUninstall.exe -->06/08/2006 12:27:52 C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat -->06/08/2006 12:27:52 C:\WINDOWS\System32\xanalyze.dll -->06/08/2006 12:27:51 C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.bmp -->06/08/2006 12:27:38 C:\WINDOWS\System32\PerfStringBackup.INI -->04/08/2006 14:44:02 C:\WINDOWS\System32\perfh00C.dat -->04/08/2006 14:44:02 C:\WINDOWS\System32\perfh009.dat -->04/08/2006 14:44:02 C:\WINDOWS\System32\perfc00C.dat -->04/08/2006 14:44:02 C:\WINDOWS\System32\perfc009.dat -->04/08/2006 14:44:02 C:\WINDOWS\System32\DWRCST.exe.manifest -->04/08/2006 09:18:35 C:\WINDOWS\System32\$winnt$.inf -->20/07/2006 12:47:19 C:\WINDOWS\System32\psasrv.exe -->11/07/2006 16:52:52 C:\WINDOWS\System32\MRT.exe -->06/07/2006 18:21:48 C:\WINDOWS\ModemLog_ThinkPad Integrated 56K Modem.txt -->08/08/2006 12:00:12 C:\WINDOWS\wiaservc.log -->08/08/2006 10:42:05 C:\WINDOWS\wiadebug.log -->08/08/2006 10:42:05 C:\WINDOWS\pavsig.txt -->08/08/2006 10:38:08 C:\WINDOWS\0.log -->08/08/2006 10:32:45 C:\WINDOWS\bootstat.dat -->08/08/2006 10:32:43 C:\WINDOWS\WindowsUpdate.log -->08/08/2006 10:31:42 C:\WINDOWS\setupact.log -->08/08/2006 10:30:39 C:\WINDOWS\ntbtlog.txt -->08/08/2006 10:28:30 C:\WINDOWS\SchedLgU.Txt -->08/08/2006 10:27:10 C:\WINDOWS\win.ini -->08/08/2006 09:17:53 C:\WINDOWS\setupapi.log -->08/08/2006 09:15:46 C:\WINDOWS\system.ini -->07/08/2006 19:48:14 C:\WINDOWS\IE4 Error Log.txt -->04/08/2006 14:30:22 C:\WINDOWS\tsoc.log -->04/08/2006 13:03:01 Le volume dans le lecteur C s'appelle Systeme Le numéro de série du volume est 4085-C36C Répertoire de C:\WINDOWS\system32 05/08/2004 14:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 3 091 972 096 octets libres Le volume dans le lecteur C s'appelle Systeme Le numéro de série du volume est 4085-C36C Répertoire de C:\Program Files 07/08/2006 17:27 <REP> . 07/08/2006 17:27 <REP> .. 08/02/2005 17:30 <REP> Adobe 13/07/2004 14:18 <REP> Borland 28/05/2004 04:00 <REP> Common Files 25/02/2003 18:10 <REP> ComPlus Applications 28/05/2004 04:09 <REP> CONEXANT 04/08/2006 09:15 <REP> DameWare Development 28/05/2004 04:09 <REP> Digital Line Detect 03/08/2006 22:36 <REP> DivX Total Pack 07/08/2006 17:03 <REP> Fichiers communs 29/04/2005 22:14 <REP> IBM 28/05/2004 04:19 <REP> IBM DLA 28/05/2004 04:19 <REP> IBM RecordNow! 06/08/2006 12:27 <REP> Illustrate 28/05/2004 04:09 <REP> Intel 08/08/2006 10:53 <REP> Internet Explorer 28/05/2004 04:20 <REP> InterVideo 07/08/2006 15:35 <REP> Lenovo 29/04/2005 22:13 <REP> Logon 29/04/2005 16:30 <REP> Messenger 25/02/2003 18:14 <REP> microsoft frontpage 23/03/2006 12:11 <REP> Microsoft Office 10/07/2004 06:32 <REP> Microsoft.NET 10/02/2005 11:52 <REP> Movie Maker 25/02/2003 18:10 <REP> MSN Gaming Zone 08/08/2006 10:55 <REP> MSN Messenger 10/02/2005 11:51 <REP> NetMeeting 28/05/2004 04:09 <REP> NetWaiting 12/07/2004 10:14 <REP> OfficeUpdate11 20/07/2006 12:23 <REP> Outlook Express 12/07/2004 09:26 <REP> RealVNC 12/07/2004 10:35 <REP> RegCleaner 28/05/2004 04:14 <REP> SBApps 19/07/2004 14:14 <REP> Services en ligne 28/05/2004 04:19 <REP> Sonic 07/08/2006 19:50 <REP> Spybot - Search & Destroy 28/05/2004 04:18 <REP> Support.com 29/04/2005 15:25 <REP> Symantec 08/08/2006 10:55 <REP> Symantec AntiVirus 08/02/2005 17:22 <REP> SymNetDrv 28/05/2004 03:26 <REP> Synaptics 28/05/2004 04:06 <REP> ThinkPad 09/06/2005 16:24 <REP> ToniArts 19/07/2004 12:28 <REP> Vodafone 19/07/2004 14:48 <REP> Windows Journal Viewer 23/03/2006 12:42 <REP> Windows Media Connect 23/03/2006 12:42 <REP> Windows Media Connect 2 23/03/2006 12:44 <REP> Windows Media Player 10/02/2005 11:49 <REP> Windows NT 08/08/2006 10:56 <REP> WinZip 25/02/2003 18:14 <REP> xerox 0 fichier(s) 0 octets 52 Rép(s) 3 091 968 000 octets libres Le volume dans le lecteur C s'appelle Systeme Le numéro de série du volume est 4085-C36C Répertoire de C:\Program Files\fichiers communs 07/08/2006 17:03 <REP> . 07/08/2006 17:03 <REP> .. 08/02/2005 17:34 <REP> Adobe 10/07/2004 06:35 <REP> DESIGNER 09/06/2005 16:24 <REP> InstallShield 07/08/2006 15:35 <REP> Lenovo 23/03/2006 12:14 <REP> Microsoft Shared 25/02/2003 18:11 <REP> MSSoap 25/02/2003 18:05 <REP> ODBC 25/02/2003 18:11 <REP> Services 28/05/2004 04:19 <REP> Sonic 25/02/2003 18:05 <REP> SpeechEngines 28/05/2004 04:19 <REP> SureThing Shared 08/08/2006 10:48 <REP> Symantec Shared 20/07/2006 12:23 <REP> System 04/08/2006 09:16 <REP> Wise Installation Wizard 08/08/2006 10:48 <REP> {4085C36C-063E-1036-1029-040410060021} 0 fichier(s) 0 octets 17 Rép(s) 3 091 968 000 octets libres Le volume dans le lecteur C s'appelle Systeme Le numéro de série du volume est 4085-C36C Répertoire de C:\Program Files\common files 28/05/2004 04:00 <REP> . 28/05/2004 04:00 <REP> .. 13/07/2004 14:56 <REP> System 0 fichier(s) 0 octets 3 Rép(s) 3 091 968 000 octets libres c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ALUNotify.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\AUpdate.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\Lsetup.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuAll.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuComServer.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUInit.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\NDetect.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\SHFOLDER.EXE c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\SymantecRootInstaller.exe c:\Documents and Settings\mbader\Bureau\ipscan.exe c:\Documents and Settings\mbader\Bureau\chercher\chercher\LFiles.exe c:\Documents and Settings\mbader\Local Settings\Temporary Internet Files\Content.IE5\OLLPKK2E\srvfae[1].exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\capicom.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LuComServerPs.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUinsDll.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUPreCon.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\LUSESAIntegration.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\NetDetectController.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\pegclient.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\pegcommon.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ProductRegCOM.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\ProductRegCOMPs.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\Psapi.Dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32Live1.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32Luis1.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\LuMMInst\S32LUWI1.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\mbader\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler
-
Bonjour, Nouveau zebulonien ,je me tourne vers vous pour eradiquer spywarequake. Mon PC a été infesté par spywarequake, j'ai donc parcouru quelques articles du forum se rapportant à ce sujet et j'ai suivi les instructions de départ, à savoir, : 1/Télécharger http://siri.urz.free.fr/Fix/SmitfraudFix.zip 2/ Dézipper la totalité de l'archive sur ton bureau. Double cliquer sur smitfraudfix.cmd Sélectionner 1 dans le menu pour créer un rapport des fichiers responsables de l'infection. sauvegarde ce rapport et poste le 3/* Redemarrer l'ordinateur en mode sans echec * Double cliquer sur smitfraudfix.cmd * Sélectionner 2 dans le menu pour supprimer les fichiers responsables de l'infection. * A la question: Voulez-vous nettoyer le registre ? répondre O (oui) sauvegarde le rapport. redemarrer en mode normal et poster aussi le nouveau rapport ainsi qu'un nouveau log hijackthis .................................................................................................................... Voici donc le premier rapport : SmitFraudFix v2.81 Rapport fait à 10:25:20,51, 08/08/2006 Executé à partir de C:\Documents and Settings\mbader\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\ishost.exe PRESENT ! C:\WINDOWS\system32\ismon.exe PRESENT ! C:\WINDOWS\system32\issearch.exe PRESENT ! C:\WINDOWS\system32\ixt?.dll PRESENT ! C:\WINDOWS\system32\ixt??.dll PRESENT ! C:\WINDOWS\system32\ot.ico PRESENT ! C:\WINDOWS\system32\urroxtl.dll PRESENT ! C:\WINDOWS\system32\components\flx?.dll PRESENT ! C:\WINDOWS\system32\components\flx??.dll PRESENT ! C:\WINDOWS\system32\components\flx???.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mbader\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mbader\Favoris C:\DOCUME~1\mbader\Favoris\Antivirus Test Online.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin ....................................................................................................... Et le deuxieme rapport: SmitFraudFix v2.81 Rapport fait à 10:30:07,73, 08/08/2006 Executé à partir de C:\Documents and Settings\mbader\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}" »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\urroxtl.dll -> Hoax.Win32.Renos.gen.bHoax.Win32.Renos.gen.c C:\WINDOWS\system32\urroxtl.dll -> Deleted »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\ishost.exe supprimé C:\WINDOWS\system32\ismon.exe supprimé C:\WINDOWS\system32\issearch.exe supprimé C:\WINDOWS\system32\ixt?.dll supprimé C:\WINDOWS\system32\ot.ico supprimé C:\WINDOWS\system32\components\flx?.dll supprimé »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin ET Voici le rapport HIJACK this ogfile of HijackThis v1.99.1 Scan saved at 11:20:18, on 08/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\QCONSVC.EXE C:\WINDOWS\System32\RegSrvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Fichiers communs\{4085C36C-063E-1036-1029-040410060021}\Update.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\Documents\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.laposte.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par laposte R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra 'Tools' menuitem: Console Java (IBM) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr O15 - Trusted Zone: http://*.laposte.com'>http://*.laposte.com O15 - Trusted Zone: http://*.laposte.com (HKLM) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114783943815 O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = laposte.fr O17 - HKLM\Software\..\Telephony: DomainName = laposte.fr O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = laposte.fr O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = laposte.fr O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Fonction Commande à distance d'iSeries Access for Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing) ...................................................... Je n'ai plus le petit message a coté de l'horloge mais des message en italien apparaissent et disparaissent tout seules. Ceci me porte a croire que je mon pc n'est pas totalement desinfecté. MERCI DE VOTRE AIDE .................................................