timvg

Membres

Afficher le profil Afficher son activité

Compteur de contenus
7
Inscription
le 10 juin 2007
Dernière visite
le 24 juin 2007

timvg's Achievements

Junior Member (3/12)

Réputation sur la communauté

infecté par rajump, vundo, infostealer... tout essayé!

timvg a répondu à un(e) sujet de timvg dans Analyses et éradication malwares

salut, voici le log combo suivi de celui d'hijackthis là j'ai mon par feu (xp) qui me demande si il doit bloquer ou pas des programme (messenger...) je commence à en avoir trop marre Et merci encore de l'aide... ComboFix 07-06-13.3 - C:\Documents and Settings\UTILISATEUR1\Bureau\ComboFix.exe "UTILISATEUR1" - 2007-06-16 9:50:37 - Service Pack 2 NTFS [sAFE MODE] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\install.log C:\WINDOWS\icroso~1.net C:\WINDOWS\wr.txt ((((((((((((((((((((((((( Files Created from 2007-05-16 to 2007-06-16 ))))))))))))))))))))))))))))))) 2007-06-16 09:50 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-14 22:23 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-06-11 23:14 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-06-11 23:12 <REP> d-------- C:\Program Files\Navilog1 2007-06-10 23:32 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-10 23:26 <REP> d-------- C:\Program Files\avg antispy 2007-06-10 14:34 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys 2007-06-10 14:31 92,064 --a------ C:\DOCUME~1\UTILIS~1\mqdmmdm.sys 2007-06-10 14:31 9,232 --a------ C:\DOCUME~1\UTILIS~1\mqdmmdfl.sys 2007-06-10 14:31 79,328 --a------ C:\DOCUME~1\UTILIS~1\mqdmserd.sys 2007-06-10 14:31 66,656 --a------ C:\DOCUME~1\UTILIS~1\mqdmbus.sys 2007-06-10 14:31 6,208 --a------ C:\DOCUME~1\UTILIS~1\mqdmcmnt.sys 2007-06-10 14:31 5,936 --a------ C:\DOCUME~1\UTILIS~1\mqdmwhnt.sys 2007-06-10 14:31 4,048 --a------ C:\DOCUME~1\UTILIS~1\mqdmcr.sys 2007-06-10 14:31 25,600 --a------ C:\DOCUME~1\UTILIS~1\usbsermptxp.sys 2007-06-10 14:31 22,768 --a------ C:\DOCUME~1\UTILIS~1\usbsermpt.sys 2007-06-09 14:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic 2007-06-09 14:24 <REP> d-------- C:\Program Files\antivir 2007-06-09 11:18 <REP> d-------- C:\WINDOWS\BDOSCAN8 2007-06-06 18:15 <REP> d-------- C:\hijackthis 2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys 2007-05-29 15:15 <REP> d-------- C:\VundoFix Backups 2007-05-29 12:51 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy 2007-05-28 22:19 <REP> d-------- C:\Program Files\a-squared Free 2007-05-21 21:23 <REP> d-------- C:\Program Files\SJphone 1.65 2007-05-21 21:22 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-05-19 15:37 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-05-17 10:00 <REP> d-------- C:\DOCUME~1\UTILIS~1\.housecall6.6 2007-05-17 09:48 <REP> d-------- C:\WINDOWS\system32\ActiveScan 2007-05-16 08:19 645,866 --------- C:\WINDOWS\system32\uxadd.bak1 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-16 07:46:32 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\Wallpaper 2007-06-15 15:22:18 -------- d-----w C:\Program Files\Windows Live Safety Center 2007-06-15 06:56:05 -------- d-----w C:\Program Files\ad aware 2007-06-14 20:23:11 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\Lavasoft 2007-06-14 10:33:13 -------- d-----w C:\Program Files\Fichiers communs\Roxio Shared 2007-06-14 10:33:13 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\Roxio 2007-06-11 13:49:57 -------- d-----w C:\Program Files\Windows Journal 2007-06-11 13:48:13 -------- d-----w C:\Program Files\SSC 2007-06-11 13:47:55 -------- d-----w C:\Program Files\Savvy TV 2007-06-11 13:47:24 -------- d-----w C:\Program Files\Nokia Digital Pen 2007-06-11 13:47:19 -------- d-----w C:\Program Files\NavNT 2007-06-11 13:47:16 -------- d-----w C:\Program Files\MSN Messenger 2007-06-11 13:41:23 -------- d-----w C:\Program Files\Apoint2K 2007-06-10 13:35:56 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-05-30 19:52:07 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll 2007-05-21 19:22:31 -------- d-----w C:\Program Files\free 2007-05-17 16:08:38 -------- d-----w C:\Program Files\ulead 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-15 17:16:31 -------- d-----w C:\Program Files\Fichiers communs\Ulead Systems 2007-05-13 19:16:07 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\Media Player Classic 2007-05-13 19:12:48 -------- d-----w C:\Program Files\codec 2007-05-13 19:12:48 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer 2007-05-13 19:11:38 -------- d-----w C:\Program Files\Fichiers communs\Real 2007-05-13 19:10:52 -------- d-----w C:\DOCUME~1\UTILIS~1\APPLIC~1\Real 2007-05-13 19:09:40 -------- d-----w C:\Program Files\quicktime 2007-05-13 19:03:00 -------- d-----w C:\Program Files\xvid 2007-05-13 18:49:49 -------- d-----w C:\Program Files\DivX 2007-05-13 09:44:08 -------- d-----w C:\Program Files\IrfanView 2007-05-11 17:54:15 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-05-11 04:37:15 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-05-11 04:37:15 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-05-11 04:37:15 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-04-25 14:22:35 144,896 ------w C:\WINDOWS\system32\schannel.dll 2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe 2007-03-25 08:22:44 468,728 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-03-25 08:22:43 75,704 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {83B80A9C-D91A-4F22-8DCF-EA7204039F79}=C:\Program Files\net transport\NetXfer\NXIEHelper.dll [2006-09-25 06:22] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32] {AC2E8306-D24E-4082-8669-7781499F4E03}=C:\PROGRA~1\EVERYT~1.1\everycom.dll [] {B78D2BC2-76AA-4B1A-A207-BEA15773050D}=C:\WINDOWS\system32\urqppop.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TabletTip"="C:\Program Files\Fichiers communs\microsoft shared\ink\tabtip.exe" [2004-08-20 01:10] "AuditMode"="C:\sysprep\factory.exe" [] "GhostStartTrayApp"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-19 12:58] "AGRSMMSG"="AGRSMMSG.exe" [2002-11-21 16:17 C:\WINDOWS\AGRSMMSG.exe] "@"="" [] "FjEvents"="C:\Program Files\Fujitsu\Utils\fjevents.exe" [2003-07-28 11:22] "FjDspMon"="C:\Program Files\Fujitsu\Utils\FjDspMon.exe" [2003-07-28 11:20] "Fujitsu Menu"="C:\Program Files\Fujitsu\Utils\FjMnuIco.exe" [2003-07-28 11:24] "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-06-17 15:55] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 11:34 C:\WINDOWS\SOUNDMAN.EXE] "Logitech Pen TrayIcon Server"="C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe" [2002-10-03 11:28] "vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-26 18:06] "Savvy DTV Service"="C:\Program Files\Savvy TV\DTV Service.exe" [2006-05-29 23:35] "UVS10 Preload"="C:\Program Files\ulead\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 00:52] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35] "!AVG Anti-Spyware"="C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 15:59] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55] "Wallpaper"="C:\Documents and Settings\UTILISATEUR1\Bureau\tim\ap\Wallpaper.exe" [2006-05-22 19:17] "Oemo"="C:\WINDOWS\ICROSO~1.NET\dexplore.exe" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "RevertWebViewSecurity"=1 (0x1) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B78D2BC2-76AA-4B1A-A207-BEA15773050D}"="C:\WINDOWS\system32\urqppop.dll" [] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] C:\Program Files\Fichiers communs\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] TabBtnWL.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] tpgwlnot.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Pen Docking Engine Server] C:\Program Files\Fichiers communs\Anoto\DockingEngine.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] AutoRun\command- F:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{283cd3de-9853-11db-af75-000423812a97}] Auto\command- AdobeR.exe e AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b91d694-cbe4-11db-afe7-000423812a97}] AutoRun\command- F:\ReadMe.exe ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-16 09:55:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** Completion time: 2007-06-16 9:56:26 C:\ComboFix-quarantined-files.txt ... 2007-06-16 09:56 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 18:07:13, on 17/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ad aware\aawservice.exe C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\NavNT\defwatch.exe C:\WINDOWS\System32\digtizer.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\cba\pds.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\SSC\NSCTOP.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\cba\xfr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\TCServer.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\TabTip.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fujitsu\Utils\fjevents.exe C:\Program Files\Fujitsu\Utils\FjDspMon.exe C:\WINDOWS\System32\igfxext.exe C:\Program Files\Fujitsu\Utils\FjMnuIco.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Savvy TV\DTV Service.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\UTILISATEUR1\Bureau\tim\ap\Wallpaper.exe C:\Program Files\Nokia Digital Pen\DockingDirector.exe C:\PROGRA~1\FICHIE~1\Anoto\2.0\DOCKIN~1.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\mozilla firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=cache.polytech.univ-nantes.prive:3128;http=cache.polytech.univ-nantes.prive:3128;https=cache.polytech.univ-nantes.prive:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ireste.fr;home;local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll (file missing) O2 - BHO: (no name) - {B78D2BC2-76AA-4B1A-A207-BEA15773050D} - C:\WINDOWS\system32\urqppop.dll (file missing) O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Fichiers communs\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [savvy DTV Service] C:\Program Files\Savvy TV\DTV Service.exe O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\ulead\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Wallpaper] "C:\Documents and Settings\UTILISATEUR1\Bureau\tim\ap\Wallpaper.exe" Starter O4 - HKCU\..\Run: [Oemo] "C:\WINDOWS\ICROSO~1.NET\dexplore.exe" -vt yazb O4 - Global Startup: Docking Director.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkCnv.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O17 - HKLM\Software\..\Telephony: DomainName = polytech.univ-nantes.prive O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2B0307-6E75-4533-A983-395704A4D04F}: NameServer = 212.27.54.252,212.27.53.252 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: loginkey - C:\Program Files\Fichiers communs\Microsoft Shared\Ink\loginkey.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\ad aware\aawservice.exe O23 - Service: AnotoCasparService - Anoto AB - C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- le 17 juin 2007
- 11 réponses
infecté par rajump, vundo, infostealer... tout essayé!

timvg a répondu à un(e) sujet de timvg dans Analyses et éradication malwares

et là en mettant ma clé usb sur un autre pc, on me dit qu'elle est vérolée adobeR.exe dessus, il l'a supprimé mais c'est bizar! pas d'idées pout virer le vundo détetecté? il serait en rapport avec adobeR.Exe? Merci et bonne soirée, tim
- le 13 juin 2007
- 11 réponses
infecté par rajump, vundo, infostealer... tout essayé!

timvg a répondu à un(e) sujet de timvg dans Analyses et éradication malwares

rien de plus après la màj... VundoFix V6.5.0 Checking Java version... Scan started at 09:00:51 12/06/2007 Listing files found while scanning.... No infected files were found.
- le 12 juin 2007
- 11 réponses
infecté par rajump, vundo, infostealer... tout essayé!

timvg a répondu à un(e) sujet de timvg dans Analyses et éradication malwares

Bonsoir, rien trouvé par vundofix, mais trouvé par navilog1 apparemment...c'est encouragent! Merci à toi, et à Angélique aussi VundoFix V6.5.0 Checking Java version... Java version is 1.4.2.2 Old versions of java are exploitable and should be removed. Scan started at 23:03:32 11/06/2007 Listing files found while scanning.... No infected files were found. Log Navilog1: Search Navipromo version 2.0.3 commencé le 11/06/2007 à 23:15:09,18 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\UTILISATEUR1\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR ====================================== Copyright 2005-2006 F-Secure Corporation. All rights reserved. This is a beta version. It will expire on 1st of April, 2007. Version information: 2.2.1061. [+] Started on 06/11/07 at 23:15:14. [+] Initializing ... [+] Starting scan, press Ctrl-C to abort. [+] Scanning for hidden items ............................................................................................................................................................................................................ [+] Scan complete. [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming. [+] Exited on 06/11/07 at 23:41:04 (return code = 0). *** Recherche fichiers *** *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: C:\WINDOWS\system32\uxadd.bak1 trouvé ! infection Vundo possible non traité par cet outil ! 2)Recherche Heuristique : * ** *** **** ***** ****** ******* ******** *** Analyse Terminé le 11/06/2007 à 23:42:05,95 ***
- le 11 juin 2007
- 11 réponses
infecté par rajump, vundo, infostealer... tout essayé!

timvg a répondu à un(e) sujet de timvg dans Analyses et éradication malwares

Bonsoir scan panda n'a rien trouvé du tout! pas réussi a obtenir de log, peut-etre parcequ'il n'a rien trouvé... voici le log hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 18:35:13, on 11/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\NavNT\defwatch.exe C:\WINDOWS\System32\digtizer.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\cba\pds.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\SSC\NSCTOP.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\cba\xfr.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\TabTip.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Fujitsu\Utils\fjevents.exe C:\Program Files\Fujitsu\Utils\FjDspMon.exe C:\Program Files\Fujitsu\Utils\FjMnuIco.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\igfxext.exe C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Savvy TV\DTV Service.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\UTILISATEUR1\Bureau\tim\ap\Wallpaper.exe C:\Program Files\Nokia Digital Pen\DockingDirector.exe C:\PROGRA~1\FICHIE~1\Anoto\2.0\DOCKIN~1.EXE C:\Program Files\SJphone 1.65\SJphone.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\mozilla firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=cache.polytech.univ-nantes.prive:3128;http=cache.polytech.univ-nantes.prive:3128;https=cache.polytech.univ-nantes.prive:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ireste.fr;home;local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\net transport\NetXfer\NXIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll (file missing) O2 - BHO: (no name) - {B78D2BC2-76AA-4B1A-A207-BEA15773050D} - C:\WINDOWS\system32\urqppop.dll (file missing) O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Fichiers communs\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\ovsbygm.exe O4 - HKLM\..\Run: [savvy DTV Service] C:\Program Files\Savvy TV\DTV Service.exe O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\ulead\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Wallpaper] "C:\Documents and Settings\UTILISATEUR1\Bureau\tim\ap\Wallpaper.exe" Starter O4 - HKCU\..\Run: [Oemo] "C:\WINDOWS\ICROSO~1.NET\dexplore.exe" -vt yazb O4 - Global Startup: Docking Director.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SJphone 1.65.lnk = ? O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkCnv.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O17 - HKLM\Software\..\Telephony: DomainName = polytech.univ-nantes.prive O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2B0307-6E75-4533-A983-395704A4D04F}: NameServer = 212.27.54.252,212.27.53.252 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: loginkey - C:\Program Files\Fichiers communs\Microsoft Shared\Ink\loginkey.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AnotoCasparService - Anoto AB - C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\avg antispy\AVG Anti-Spyware 7.5\guard.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- le 11 juin 2007
- 11 réponses
infecté par rajump, vundo, infostealer... tout essayé!

timvg a répondu à un(e) sujet de timvg dans Analyses et éradication malwares

J'ai fixé puis scan AVG, dont voici le log la pèche n'a l'air d'avoir été bonne... --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 11:39:59 11/06/2007 + Résultat de l'analyse: :mozilla.202:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.203:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.204:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.101:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.142:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.116:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.117:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.174:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.175:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.176:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.177:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.178:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.224:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.22:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.336:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.159:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Com : Nettoyé. :mozilla.86:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.110:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@estat[1].txt -> TrackingCookie.Estat : Nettoyé. :mozilla.213:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.291:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.292:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.351:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.63:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@overture[1].txt -> TrackingCookie.Overture : Nettoyé. :mozilla.205:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé. :mozilla.118:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé. :mozilla.119:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé. :mozilla.150:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.151:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.152:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.153:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.154:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.155:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.231:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.232:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.23:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.24:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.25:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.29:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.320:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.321:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.322:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.323:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.324:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.325:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.326:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.327:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.87:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.88:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.89:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.11:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.15:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.16:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.17:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.30:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.31:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.32:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.33:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\UTILISATEUR1\Cookies\utilisateur1@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.227:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.146:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé. :mozilla.316:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.317:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.311:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.312:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.313:C:\Documents and Settings\UTILISATEUR1\Application Data\Mozilla\Firefox\Profiles\dj0n9spb.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport
- le 11 juin 2007
- 11 réponses
infecté par rajump, vundo, infostealer... tout essayé!

timvg a posté un sujet dans Analyses et éradication malwares

Bonsoir j'ai biensur fait des scans avec adaware, spybot, antivir... utilisé les outils de suppression des virus/trojan concernés donc là suis à bout! voici un log Hijackthis, si quelqu'un peut m'aider... merci d'avance, tim Logfile of HijackThis v1.99.1 Scan saved at 21:12:27, on 10/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\NavNT\defwatch.exe C:\WINDOWS\System32\digtizer.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\system32\cba\pds.exe C:\Program Files\NavNT\rtvscan.exe C:\Program Files\SSC\NSCTOP.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\cba\xfr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\TabTip.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\NavNT\vptray.exe C:\Program Files\Savvy TV\DTV Service.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\UTILISATEUR1\Bureau\tim\ap\Wallpaper.exe C:\Program Files\Nokia Digital Pen\DockingDirector.exe C:\Program Files\SJphone 1.65\SJphone.exe C:\PROGRA~1\FICHIE~1\Anoto\2.0\DOCKIN~1.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\mozilla firefox\firefox.exe C:\Program Files\Fichiers communs\Microsoft Shared\Ink\TCServer.exe C:\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=cache.polytech.univ-nantes.prive:3128;http=cache.polytech.univ-nantes.prive:3128;https=cache.polytech.univ-nantes.prive:3128 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ireste.fr;home;local;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\ssuibgce.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7852295F-5258-4A4C-9F5E-6501E054176E} - C:\WINDOWS\system32\awtut.dll (file missing) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8092D287-771B-4A03-B243-A4A6FF966F5f} - C:\WINDOWS\system32\yjwudmyg.dll (file missing) O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\net transport\NetXfer\NXIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Reactivator - {AC2E8306-D24E-4082-8669-7781499F4E03} - C:\PROGRA~1\EVERYT~1.1\everycom.dll (file missing) O2 - BHO: (no name) - {B78D2BC2-76AA-4B1A-A207-BEA15773050D} - C:\WINDOWS\system32\urqppop.dll (file missing) O3 - Toolbar: Every Toolbar - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - C:\PROGRA~1\EVERYT~1.1\everycom.dll (file missing) O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Fichiers communs\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [FjEvents] C:\Program Files\Fujitsu\Utils\fjevents.exe O4 - HKLM\..\Run: [FjDspMon] C:\Program Files\Fujitsu\Utils\FjDspMon.exe O4 - HKLM\..\Run: [Fujitsu Menu] C:\Program Files\Fujitsu\Utils\FjMnuIco.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_02\bin\jusched.exe O4 - HKLM\..\Run: [Logitech Pen TrayIcon Server] C:\Program Files\Logitech\ioSoftware\LPTrySvr.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [JVM0.12] C:\WINDOWS\system32\ovsbygm.exe O4 - HKLM\..\Run: [savvy DTV Service] C:\Program Files\Savvy TV\DTV Service.exe O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\ulead\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [sManager] smanager.7.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Wallpaper] "C:\Documents and Settings\UTILISATEUR1\Bureau\tim\ap\Wallpaper.exe" Starter O4 - HKCU\..\Run: [Oemo] "C:\WINDOWS\ICROSO~1.NET\dexplore.exe" -vt yazb O4 - Global Startup: Docking Director.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: SJphone 1.65.lnk = ? O8 - Extra context menu item: &Every Toolbar Search - res://C:\PROGRA~1\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab O16 - DPF: {594ECDD4-A991-4208-A7B7-00DDAD9BE328} (Photosynth Class) - http://media.labs.live.com/all/ps/_code_/Photosynth.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkCnv.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O17 - HKLM\Software\..\Telephony: DomainName = polytech.univ-nantes.prive O17 - HKLM\System\CCS\Services\Tcpip\..\{9A2B0307-6E75-4533-A983-395704A4D04F}: NameServer = 212.27.54.252,212.27.53.252 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = polytech.univ-nantes.prive O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: loginkey - C:\Program Files\Fichiers communs\Microsoft Shared\Ink\loginkey.dll O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winvfw32 - winvfw32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AnotoCasparService - Anoto AB - C:\Program Files\Fichiers communs\Anoto\2.0\caspar.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe O23 - Service: Digitizer Service (Digitizer) - WACOM - C:\WINDOWS\System32\digtizer.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Intel Alert Handler - Intel Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel File Transfer - Intel Corporation - C:\WINDOWS\system32\cba\xfr.exe O23 - Service: Intel PDS - Intel Corporation - C:\WINDOWS\system32\cba\pds.exe O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe O23 - Service: Service de repérage Symantec System Center (NSCTOP) - Symantec Corporation - C:\Program Files\SSC\NSCTOP.EXE O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- le 10 juin 2007
- 11 réponses

Connexion

timvg

Compteur de contenus

Inscription

Dernière visite

timvg's Achievements

Junior Member (3/12)

Réputation sur la communauté

infecté par rajump, vundo, infostealer... tout essayé!

infecté par rajump, vundo, infostealer... tout essayé!

infecté par rajump, vundo, infostealer... tout essayé!

infecté par rajump, vundo, infostealer... tout essayé!

infecté par rajump, vundo, infostealer... tout essayé!

infecté par rajump, vundo, infostealer... tout essayé!

infecté par rajump, vundo, infostealer... tout essayé!

Zebulon

Outils en ligne

Naviguer