

Need help: SERWAB VIRUS
jaimito074 replied to a topic by jaimito074 in Malware analysis and removal
Good evening, here is the AVG report:

and the HijackThis report:

See you later!
Need help: SERWAB VIRUS
jaimito074 replied to a topic by jaimito074 in Malware analysis and removal
Good evening, here is the Jotti report for the folder x2.64.exe:

For the folder cef7a065984e027d61d7f8864ae848, I have one file; here is the Jotti report:

See you later!
Need help: SERWAB VIRUS
jaimito074 replied to a topic by jaimito074 in Malware analysis and removal
Hello, I won't be able to continue this week because I am waiting for an ADSL connection for Saturday or Monday 05/02. I have noticed an improvement since your first advice, but for the next steps I will send you the report on Saturday or Monday. In the meantime, thank you for your help and see you very soon! jaimito074
Need help: SERWAB VIRUS
jaimito074 replied to a topic by jaimito074 in Malware analysis and removal
Hello, here is the VundoFix report:

The "ADD more files" report:
C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll
C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll

The ComboFix report:

The new HijackThis report:
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -
Need help VIRUS SERWAB
jaimito074 replied to a topic by jaimito074 in Malware analysis and removal
For the VundoFix report, I still have the previous one; a text file called add more files has appeared:

C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll
C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll

The ComboFix report:

"Gabino" - 07-01-28 20:23:33 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Gabino\Mes documents"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\Downloaded Program Files\rave
C:\Program Files\Fichiers communs\{30192~1
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Fichiers communs\{10192~1

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:
C:\qoobox\purity\WINDOWS\PPPATC~1
C:\qoobox\purity\WINDOWS\PPPATC~1\?ppPatch
C:\qoobox\purity\WINDOWS\PPPATC~1\?ppPatch\ctxad-539.0000

((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))

2007-01-28 20:26 <REP> d-------- C:\WINDOWS\erdnt
2007-01-28 18:38 <REP> d-------- C:\VundoFix Backups
2007-01-28 09:21 <REP> d-------- C:\!KillBox
2007-01-27 09:08 95,232 --a------ C:\WINDOWS\system32\zvnsajn.dll
2007-01-27 09:06 8,704 --a------ C:\WINDOWS\system32\v6.exe
2007-01-25 18:10 <REP> d-------- C:\DOCUME~1\Gabino\Application Data\Media Player Classic
2007-01-25 18:09 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-25 18:09 635,486 --a------ C:\WINDOWS\system32\divx.dll
2007-01-25 18:09 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-01-25 18:09 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-01-25 18:09 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-01-25 18:09 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-25 18:09 217,088 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-01-25 18:09 200,704 --a------
C:\WINDOWS\system32\ssldivx.dll 2007-01-25 18:09 196,608 --a------ C:\WINDOWS\system32\dtu100.dll 2007-01-25 18:09 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-01-25 18:09 1,138,688 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-01-25 18:09 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-01-25 18:09 <REP> d-------- C:\Program Files\K-Lite Codec Pack 2007-01-23 21:29 <REP> d-------- C:\Program Files\Free iPod Video Converter 2007-01-22 19:22 845,312 --a------ C:\WINDOWS\system32\Smab.dll 2007-01-22 19:22 719,872 --a------ C:\WINDOWS\system32\devil.dll 2007-01-22 19:22 70,656 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-01-22 19:22 70,656 --a------ C:\WINDOWS\system32\i420vfw.dll 2007-01-22 19:22 66,560 --a------ C:\WINDOWS\MOTA113.exe 2007-01-22 19:22 502,784 --a------ C:\WINDOWS\x2.64.exe 2007-01-22 19:22 306,688 --a------ C:\WINDOWS\system32\avisynth.dll 2007-01-22 19:22 27,648 --a------ C:\WINDOWS\system32\AVSredirect.dll 2007-01-22 19:22 240,128 --a------ C:\WINDOWS\system32\x.264.exe 2007-01-22 19:22 217,073 --a------ C:\WINDOWS\meta4.exe 2007-01-22 19:22 <REP> d-------- C:\WINDOWS\system32\ShellDHCP 2007-01-22 19:22 <REP> d-------- C:\Program Files\AviSynth 2.5 2007-01-22 19:14 <REP> d-------- C:\Program Files\SUPER 2007-01-21 21:27 1,127,307 --a------ C:\wrar362fr.exe 2007-01-21 12:19 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-01-21 11:37 <REP> d-------- C:\Program Files\MegaPEG Demo 2007-01-16 21:42 <REP> d-------- C:\DOCUME~1\Gabino\Application Data\MPEG Streamclip 2007-01-16 18:21 <REP> d-------- C:\Program Files\BitDownload 2007-01-16 18:21 <REP> d-------- C:\My Downloads 2007-01-16 18:21 <REP> d-------- C:\DOCUME~1\Gabino\Application Data\BitDownload 2007-01-16 18:18 434,252 --a------ C:\WINDOWS\system32\Msvcrtd.dll 2007-01-10 22:39 <REP> d-------- C:\Program Files\MSXML 4.0 2007-01-10 22:38 <REP> d-------- C:\cef7a065984e027d61d7f8864ae848 2007-01-10 22:18 <REP> d-------- C:\Program Files\vso 2007-01-10 22:09 
2,496,707 --a------ C:\vsoDivxToDVD_free_setup.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

The HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 20:31:36, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program
Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Gabino\LOCALS~1\Temp\Rar$EX00.359\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2B6D0BDB-8A87-42C4-9833-4F95C8511BEC} - C:\WINDOWS\system32\ssqpn.dll (file missing) O2 - BHO: (no name) - {653A9B7E-B308-9B0F-0DB5-07812347E54A} - C:\WINDOWS\system32\rcvvcei.dll (file missing) O2 - BHO: (no name) - {79FA17CE-E3F8-4986-B64B-5D08DCFF49F4} - C:\WINDOWS\system32\opnnlmn.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - 
HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe O4 - HKLM\..\Run: [zvnsajn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll",uubbrte O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Csrt] "C:\WINDOWS\PPPATC~1\msconfig.exe" -vt yazb O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no 
name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -
Need help VIRUS SERWAB
jaimito074 replied to a topic by jaimito074 in Malware analysis and removal
Here is the BlackLight report:

01/28/07 18:10:28 [info]: BlackLight Engine 1.0.55 initialized
01/28/07 18:10:28 [info]: OS: 5.1 build 2600 (Service Pack 2)
01/28/07 18:10:28 [Note]: 7019 4
01/28/07 18:10:28 [Note]: 7005 0
01/28/07 18:10:38 [Note]: 7006 0
01/28/07 18:10:38 [Note]: 7011 3684
01/28/07 18:10:38 [Note]: 7026 0
01/28/07 18:10:38 [Note]: 7026 0
01/28/07 18:10:50 [Note]: FSRAW library version 1.7.1021
01/28/07 18:21:12 [Note]: 4013 29343
01/28/07 18:21:12 [Note]: 4020 3796 131072
01/28/07 18:21:12 [Note]: 4018 3796 131072
01/28/07 18:21:12 [Note]: 4013 31528
01/28/07 18:21:12 [Note]: 4020 3796 131072
01/28/07 18:21:12 [Note]: 4018 3796 131072
01/28/07 18:21:12 [Note]: 4013 29343
01/28/07 18:21:12 [Note]: 4020 3796 131072
01/28/07 18:21:12 [Note]: 4018 3796 131072
01/28/07 18:21:12 [Note]: 4013 31528
01/28/07 18:21:12 [Note]: 4020 3796 131072
01/28/07 18:21:12 [Note]: 4018 3796 131072
01/28/07 18:21:39 [Note]: 4013 31528
01/28/07 18:21:39 [Note]: 4020 3796 131072
01/28/07 18:21:39 [Note]: 4018 3796 131072
01/28/07 18:21:39 [Note]: 4013 31528
01/28/07 18:21:39 [Note]: 4020 3796 131072
01/28/07 18:21:39 [Note]: 4018 3796 131072
01/28/07 18:22:14 [Note]: 2000 1012
01/28/07 18:34:43 [Note]: 7007 0

Here is the VundoFix report:

VundoFix V6.3.4
Checking Java version...
Java version is 1.4.2.3
Scan started at 18:38:05 28/01/2007
Listing files found while scanning....
C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\npqss.tmp
C:\WINDOWS\system32\opnnlmn.dll
C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\winfzx32.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\npqss.bak1
C:\WINDOWS\system32\npqss.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\npqss.ini
C:\WINDOWS\system32\npqss.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\npqss.ini2
C:\WINDOWS\system32\npqss.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\npqss.tmp
C:\WINDOWS\system32\npqss.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\opnnlmn.dll
C:\WINDOWS\system32\opnnlmn.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ssqpn.dll
C:\WINDOWS\system32\ssqpn.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\winfzx32.dll
C:\WINDOWS\system32\winfzx32.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.3.4
Checking Java version...
Java version is 1.4.2.3
Scan started at 18:53:36 28/01/2007
Listing files found while scanning....
C:\WINDOWS\system32\opnnlmn.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\opnnlmn.dll
C:\WINDOWS\system32\opnnlmn.dll Has been deleted!
Performing Repairs to the registry.
Done!

Here is the new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 19:10:59, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program
Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\System32\hphmon05.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe C:\Program Files\RF Wireless Mouse\cm20.exe C:\PROGRA~1\Wanadoo\TaskbarIcon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\v6.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Gabino\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2B6D0BDB-8A87-42C4-9833-4F95C8511BEC} - C:\WINDOWS\system32\ssqpn.dll (file missing) O2 - BHO: (no name) - {653A9B7E-B308-9B0F-0DB5-07812347E54A} - C:\WINDOWS\system32\rcvvcei.dll (file missing) O2 - BHO: (no name) - {79FA17CE-E3F8-4986-B64B-5D08DCFF49F4} - C:\WINDOWS\system32\opnnlmn.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton 
AntiVirus\NavShExt.dll O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30192~1\Bar888.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30192~1\Bar888.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program 
Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvas.dll,startup O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe O4 - HKLM\..\Run: [zvnsajn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll",uubbrte O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Csrt] "C:\WINDOWS\PPPATC~1\msconfig.exe" -vt yazb O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers 
communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Thanks for your help!!
Need help VIRUS SERWAB
jaimito074 replied to a topic by jaimito074 in Malware analysis and removal
I used AntiVir; here is the new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 16:43:16, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\v6.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program
Files\iPod\bin\iPodService.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Gabino\LOCALS~1\Temp\Rar$EX00.532\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30192~1\Bar888.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers 
communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvas.dll,startup O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe O4 - HKLM\..\Run: [zvnsajn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll",uubbrte O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [uDial] C:\WINDOWS\system32/udial.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Csrt] "C:\WINDOWS\PPPATC~1\msconfig.exe" -vt yazb O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing) O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe Je vous en prie aidez moi, mon pc marche de moins en moins -
Hello,

My PC is very slow, and when I start it a message is displayed, "security warning: your computer may be infected with harmful or unwanted software.", then a Spyware Detection Alert window opens, then I land on a page, www.amaena.com, which suggests that I download Win Anti Virus Pro (which I did). Please find attached the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:07, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\RF Wireless Mouse\cm20.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\v6.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\PPPATC~1\msconfig.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC08.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Gabino\LOCALS~1\Temp\Rar$EX01.250\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{30192~1\Bar888.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [start RF Wireless Mouse] C:\Program Files\RF Wireless Mouse\cm20.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvvas.dll,startup
O4 - HKLM\..\Run: [syswin] C:\WINDOWS\system32\v6.exe
O4 - HKLM\..\Run: [zvnsajn.dll] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\Gabino\Local Settings\Application Data\zvnsajn.dll",uubbrte
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Csrt] "C:\WINDOWS\PPPATC~1\msconfig.exe" -vt yazb
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Thank you for helping me quickly.