

kleio
Member, content count: 4

Everything posted by kleio
Intrusive ad pop-up window opening
kleio replied to a topic by kleio in the Malware analysis and removal forum

Hi Charles,

You will find the requested reports below. On the HijackThis part, I'm not sure I understood everything... Did I have to send you the HijackThis report after the scan? Because when I follow your procedure, the HijackThis window disappears and I don't know where to find the file. So I've pasted the result of the scan. Many thanks for the debugging....

Vincent

ComboFix report

Vincent - 07-01-06 19:02:13,39
Service Pack 2
ComboFix 06.11.27 - Running from: "D:\Vincent\Telechargement"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Fichiers communs\{78C46CD4-0AE8-1036-0629-041117200021}

((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))

2007-01-06 15:11     43,520  --a------  C:\WINDOWS\system32\CmdLineExt03.dll
2007-01-04 10:25      3,968  --a------  C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-04 10:25      <REP>  d--------  C:\Program Files\AVG Anti-Spyware 7.5
2007-01-04 10:14     81,684  --a------  C:\WINDOWS\system32\btjepslv.dll
2007-01-04 01:27        853  --a------  C:\reboot.cmd
2007-01-04 01:27     68,096  --a------  C:\diff.exe
2007-01-04 01:27    103,424  --a------  C:\grep.exe
2007-01-04 00:24     44,060  --a------  C:\WINDOWS\system32\yrfyvybk.dll
2007-01-04 00:24    118,804  --a------  C:\WINDOWS\system32\pixiqfxx.dll
2007-01-03 23:11      <REP>  d--------  C:\Program Files\hijackthis
2006-12-17 13:28      <REP>  d--------  C:\Converted Music
2006-12-17 13:19    131,072  --a------  C:\WINDOWS\system32\SpoonUninstall.exe
2006-12-17 13:19      <REP>  d--------  C:\Program Files\Illustrate
2006-12-08 19:51      <REP>  d--------  C:\Program Files\AvantGo Connect
2006-12-08 19:50     65,613  --a------  C:\WINDOWS\system32\PPVEXP.DLL
2006-12-08 19:50     24,652  --a------  C:\WINDOWS\system32\UICOM.DLL
2006-12-08 19:50    114,688  --a------  C:\WINDOWS\system32\MALSLIB.DLL
2006-12-08 19:50      <REP>  d--------  C:\Program Files\Microsoft ActiveSync
2006-12-08 18:38    104,576  --a------  C:\WINDOWS\system32\drivers\wceusbsh.sys

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-06 19:03  --------  d--------  C:\Program Files\Fichiers communs
2007-01-04 10:33  --------  d--------  C:\Program Files\ewido anti-spyware 4.0
2006-12-08 20:16      2508  --a------  C:\Documents and Settings\Vincent\Application Data\$_hpcst$.hpc
2006-12-08 20:07  --------  d--------  C:\Program Files\Fichiers communs\Microsoft Shared
2006-12-08 19:51  --------  d---s----  C:\Documents and Settings\Vincent\Application Data\Microsoft
2006-12-08 19:50  --------  d--------  C:\Program Files\Common Files
2006-12-03 12:58  --------  d--------  C:\Documents and Settings\Vincent\Application Data\MSN6
2006-11-26 19:29  --------  d--------  C:\Documents and Settings\Vincent\Application Data\Ice Age 2
2006-11-26 19:26     98304  --a------  C:\WINDOWS\system32\CmdLineExt.dll
2006-11-23 22:34  --------  d--------  C:\Program Files\Internet Explorer
2006-11-10 19:28  --------  d--------  C:\Program Files\Google
2006-11-06 18:11    110612  --a------  C:\WINDOWS\system32\ujlneclf.exe
2006-11-04 17:55    110612  --a------  C:\WINDOWS\system32\hpefxsnq.exe
2006-10-13 13:36    145920  --a------  C:\WINDOWS\system32\nwprovau.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\pixiqfxx.dll\",setvm"
"!AVG Anti-Spyware"="\"C:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ahrdafx
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winetn32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 07-01-06 19:04:50.50
C:\ComboFix.txt ... 07-01-06 19:04

HijackThis report

Logfile of HijackThis v1.99.1
Scan saved at 19:28:25, on 06/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\pixiqfxx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com
O15 - Trusted Zone: http://www.boursorama.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156002643703
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Intrusive ad pop-up window opening
kleio replied to a topic by kleio in the Malware analysis and removal forum

Hello Charles,

I'm attaching the various reports. Good hunting.

KLEIO

Rapport Hijack.txt

Logfile of HijackThis v1.99.1
Scan saved at 08:07:36, on 05/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\pixiqfxx.dll",setvm
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com
O15 - Trusted Zone: http://www.boursorama.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156002643703
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ewido report

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 14:41:59 04/01/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0027131.dll -> Adware.Searchcolor : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0027135.exe -> Adware.Searchcolor : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0027136.dll -> Adware.SysProtect : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026981.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026986.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026961.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026962.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026966.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026968.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026970.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026971.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026972.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026974.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026976.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026977.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026979.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026980.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026982.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026984.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026985.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Aucune action entreprise.
C:\Documents and Settings\Vincent\Cookies\vincent@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Vincent\Cookies\vincent@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\System Volume Information\_restore{ECA1DE26-F56E-4199-8152-EA7BEA5C9AF6}\RP67\A0026959.dll -> Trojan.Agent.acl : Aucune action entreprise.

Fin du rapport

Diaghelp report

Service Pack 212 2 2006 14:06:09.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS
Loaded driver pci.sys
Loaded driver isapnp.sys
Loaded driver compbatt.sys
Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS
Loaded driver intelide.sys
Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Loaded driver MountMgr.sys
Loaded driver ftdisk.sys
Loaded driver dmload.sys
Loaded driver dmio.sys
Loaded driver PartMgr.sys
Loaded driver VolSnap.sys
Loaded driver atapi.sys
Loaded driver vmscsi.sys
Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Loaded driver disk.sys
Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Loaded driver fltMgr.sys
Loaded driver sr.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver NDIS.sys
Loaded driver Mup.sys
Loaded driver agp440.sys
Loaded driver \SystemRoot\system32\DRIVERS\amdk7.sys
Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys
Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmmouse.sys
Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys
Loaded driver \SystemRoot\system32\DRIVERS\parport.sys
Loaded driver \SystemRoot\system32\DRIVERS\serial.sys
Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys
Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys
Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmx_svga.sys
Loaded driver \SystemRoot\system32\DRIVERS\vmxnet.sys
Loaded driver \SystemRoot\system32\DRIVERS\CmBatt.sys
Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys
Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys
Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys
Loaded driver \SystemRoot\system32\DRIVERS\psched.sys
Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys
Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys
Loaded driver \SystemRoot\system32\DRIVERS\rdpdr.sys
Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys
Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys
Loaded driver \SystemRoot\system32\DRIVERS\update.sys
Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys
Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
Loaded driver \SystemRoot\system32\DRIVERS\flpydisk.sys
Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS
Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
Loaded driver \SystemRoot\System32\Drivers\Null.SYS
Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
Loaded driver \SystemRoot\System32\drivers\vga.sys
Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys
Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys
Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys
Loaded driver \SystemRoot\System32\drivers\afd.sys
Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys
Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys
Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Did not load driver \SystemRoot\system32\DRIVERS\imapi.sys
Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys
Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
Loaded driver \SystemRoot\system32\DRIVERS\ndisuio.sys
Did not load driver \SystemRoot\system32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\system32\DRIVERS\mrxsmb.sys
Loaded driver \SystemRoot\System32\Drivers\Fastfat.SYS
Loaded driver \SystemRoot\system32\DRIVERS\mrxdav.sys
Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
Loaded driver \SystemRoot\system32\DRIVERS\srv.sys
Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
Intrusive ad pop-up window opening
kleio replied to a topic by kleio in the Malware analysis and removal forum

Thanks to you, Charles.

Kleio
Intrusive ad pop-up window opening
kleio posted a topic in the Malware analysis and removal forum

Hello everyone.

Here is what I got after running HijackThis. A helping hand would be very useful. Thanks in advance.

KLEIO

Logfile of HijackThis v1.99.1
Scan saved at 23:14:52, on 03/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [updater] C:\Program Files\Carpe Diem\murespourjeunes[1]\CDUpdater.exe CD_UPDATER
O4 - HKCU\..\Run: [sysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com
O15 - Trusted Zone: http://www.boursorama.com
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1156002643703
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...anner371180.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - https://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe