

Everything posted by Cleme
-
Windows keep opening!!!! What should I do??
Cleme replied to a topic by Cleme in Malware analysis and removal
Thanks a lot Bruce Lee, I'm pasting the report below:

"Cl‚mence" - 2007-06-08 10:09:05 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Cl‚mence\Bureau\"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

-- Purity Folders:
C:\DOCUME~1\CLMENC~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\26WQ6YR9\www.broadcaster.com
C:\DOCUME~1\CLMENC~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\CLMENC~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\DOCUME~1\CLMENC~1\APPLIC~1\Dxccwrd.dll
C:\DOCUME~1\CLMENC~1\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\CLMENC~1\APPLIC~1\Dxcuknwrd.dll
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\netmon\log.txt
C:\install.log
C:\Program Files\Fichiers communs\{34685~1
C:\Program Files\Fichiers communs\{E4685~1
C:\Program Files\Fichiers communs\{E4685~1\Update.exe
C:\Program Files\Fichiers communs\{E4685~2
C:\Program Files\Fichiers communs\{E4685~2\Update.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\network monitor
C:\WINDOWS\MBOLS~1
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\WINDOWS\SKS~1
C:\WINDOWS\system32\bund1
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\uninstall_nmon.vbs

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core

((((((((((((((((((((((((( Files Created from 2007-05-08 to 2007-06-08 )))))))))))))))))))))))))))))))

2007-06-07 14:54 <REP> d-------- C:\VundoFix Backups
2007-06-05 19:49 <REP> d-------- C:\DOCUME~1\CLMENC~1\APPLIC~1\dvdcss
2007-06-05 15:56 <REP> d-------- C:\Program Files\Lavasoft
2007-06-05 15:55 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-05 15:42 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2007-05-08 19:55 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-08 19:55 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-08 19:55 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-08 19:55 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-08 19:55 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-05-08 19:55 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-08 19:55 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-08 19:55 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-08 19:55 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-08 19:55 <REP> d-------- C:\Program Files\Alwil Software
2007-05-08 19:06 <REP> d-------- C:\DOCUME~1\CLMENC~1\APPLIC~1\Lavasoft

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-05 20:33:28 -------- d-----w C:\DOCUME~1\CLMENC~1\APPLIC~1\Skype
2007-06-05 20:14:49 2 ----a-w C:\WINDOWS\system32\wintisv.exe
2007-06-05 20:13:47 -------- d-----w C:\Program Files\eMule
2007-06-03 08:02:15 -------- d-----w C:\Program Files\Windows Live Toolbar
2007-05-23 17:22:10 30,064 ----a-w C:\DOCUME~1\CLMENC~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-05-07 17:52:44 -------- d-----r C:\DOCUME~1\CLMENC~1\APPLIC~1\Brother
2007-05-07 17:51:44 34 ----a-w C:\WINDOWS\system32\BD5240.DAT
2007-05-02 16:00:35 55,180 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-05-02 16:00:35 426,932 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-05-02 15:49:04 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2007-05-02 15:46:23 -------- d-----w C:\Program Files\Belkin
2007-05-02 15:46:07 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 12:55:22 -------- d-----w C:\Program Files\Skype
2007-04-28 12:55:21 -------- d-----w C:\Program Files\Fichiers communs\Skype
2007-04-23 02:28:16 -------- d-----w C:\Program Files\Pando Networks
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-17 01:06:25 167 ----a-w C:\WINDOWS\system32\8778.bat
2007-04-17 01:05:31 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-04-17 01:05:17 93,509 ----a-w C:\WINDOWS\system32\install.exe
2007-04-17 01:04:51 41,792 ----a-w C:\WINDOWS\system32\app.exe
2007-04-17 01:04:02 32,768 ----a-w C:\WINDOWS\system32\setup9x.exe
2007-04-17 01:03:51 0 -c--a-w C:\WINDOWS\system32\taskkill.exe
2007-04-17 01:01:43 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:50 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:50 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:50 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:58 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys
2005-07-29 14:24:26 472 --sha-r C:\WINDOWS\Q2zpbWVuY2U\kZWDvqpRsZo.vbs

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-14 18:47]
{18B7A234-36D4-4C5E-A53D-6FE33C93A99C}=C:\WINDOWS\system32\oixq.dll []
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 06:29]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 15:56]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton AntiVirus\NavShExt.dll [2003-12-04 13:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2003-07-23 11:03]
"helpr"="C:\Program Files\SETI\helper.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-12 21:48]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 10:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 18:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\Clémence\Application Data\Mozilla\Firefox\Profiles\sk57xb4r.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Clémence\Application Data\Mozilla\Firefox\Profiles/sk57xb4r.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CeEKEY]
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPLDBL10]
C:\Program Files\EzButton\CPLDBL10.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeluxeCommunications]
C:\Program Files\DeluxeCommunications\Dxc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
"C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rmtt]
"C:\WINDOWS\MANTEC~1\fast.exe" -vt ndrv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rzvltk]
"C:\Documents and Settings\Clémence\Mes documents\??crosoft\m?dtc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPNF]
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"c:\documents and settings\clémence\local settings\temp\~vis0000\gain_3202.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=2 (0x2)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*

Contents of the 'Scheduled Tasks' folder
2007-06-08 15:15:23 C:\WINDOWS\tasks\Symantec NetDetect.job
2007-06-08 14:35:02 C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-08 10:15:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-08 10:18:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-08 10:17

--- E O F ---

cleme
Thanks Bruce Lee. Here is the VundoFix report:

VundoFix V6.4.2

Checking Java version...

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

Scan started at 14:54:24 07/06/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

and the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:05:42, on 07/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.pasteur.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = pasteur.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18B7A234-36D4-4C5E-A53D-6FE33C93A99C} - C:\WINDOWS\system32\oixq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Clémence\Application Data\Mozilla\Firefox\Profiles\sk57xb4r.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Clémence\Application Data\Mozilla\Firefox\Profiles/sk57xb4r.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKCU\..\Policies\Explorer\Run: [{E4685505-0A25-1036-1031-030512200021}] "C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{E4685505-0A25-1036-1031-030512200021}] "C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{E4685505-0A25-1036-1031-030512200021}] "C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe" mc-110-12-0000137 (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ad5552d1823541febdbdedb796797810
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ad5552d1823541febdbdedb796797810
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 9511 bytes

Thanks again!!! cleme
-
Fed up with windows that keep opening, I can't take it anymore. [resolved]
Cleme replied to a topic by bibi24000 in Malware analysis and removal
Hi everyone. I too can't stand all these windows that keep opening nonstop!!!!!!!! I followed the procedures given in the forum. So here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:00:08, on 06/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\wltray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.pasteur.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = pasteur.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {18B7A234-36D4-4C5E-A53D-6FE33C93A99C} - C:\WINDOWS\system32\oixq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [helpr] C:\Program Files\SETI\helper.exe -loader -nolog
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [bantool] C:\WINDOWS\system32\micro1\b9.exe
O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Clémence\Application Data\Mozilla\Firefox\Profiles\sk57xb4r.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Clémence\Application Data\Mozilla\Firefox\Profiles/sk57xb4r.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKCU\..\Policies\Explorer\Run: [{E4685505-0A25-1036-1031-030512200021}] "C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe" mc-110-12-0000137
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{E4685505-0A25-1036-1031-030512200021}] "C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe" mc-110-12-0000137 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{E4685505-0A25-1036-1031-030512200021}] "C:\Program Files\Fichiers communs\{E4685505-0A25-1036-1031-030512200021}\Update.exe" mc-110-12-0000137 (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ad5552d1823541febdbdedb796797810
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ad5552d1823541febdbdedb796797810
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 9498 bytes

There you go, I hope it's not too serious. Thank you very much for your help. Clemence