Everything posted by jocecal

  1. RE: here is the Fixwareout report

Username "Carlos" - 07/07/2007 11:30:18 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdxnj.exe"
Cache de résolution DNS vidé.
System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"hiijoiwj"="c:\\windows\\system32\\hiijoiwj.exe hiijoiwj"
"C-Media Mixer"="Mixer.exe /startup"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE Philips SPC 200NC PC Camera"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="\"C:\\Program Files\\CCleaner\\ccleaner.exe\" /AUTO"
"TVAgent WiFi"="C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\Agent_WiFi.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"HijackThis startup scan"="C:\\DOCUME~1\\Carlos\\LOCALS~1\\Temp\\Rar$EX00.416\\HijackThis.exe /startupscan"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Here is the Navilog1 report:

Search Navipromo version 2.0.5 commencé le 07/07/2007 à 12:11:36,10

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Carlos\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) dans C:\WINDOWS\system32 :
c:\WINDOWS\system32\hiijoiwj.dat
C:\windows\system32\hiijoiwj.exe
c:\WINDOWS\system32\hiijoiwj_nav.dat
c:\WINDOWS\system32\hiijoiwj_navps.dat

Processus caché(s) dans C:\WINDOWS\system32 :
C:\windows\system32\hiijoiwj.exe

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Recherche Clé Magic Control
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_USERS\S-1-5-21-1085031214-1343024091-854245398-1004\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

* C:\WINDOWS\system32\hiijoiwj.dat trouvé !
** C:\WINDOWS\system32\hiijoiwj.dat trouvé !
***
**** C:\WINDOWS\system32\hiijoiwj_navps.dat trouvé !
*****
******
*******
********

3)Recherche Certificats :

Certificat Egroup trouvé !

*** Analyse Terminé le 07/07/2007 à 12:18:05,79 ***

The HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 12:37:44, on 07/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Carlos\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\DOCUME~1\Carlos\LOCALS~1\Temp\Rar$EX00.416\HijackThis.exe /startupscan
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175691409178
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67177F8A-F238-4B65-A054-EEF6E4300D99}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{767214CE-9639-43D5-83F0-2D6F3E10B505}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Happy reading, and my thanks.
  2. Good evening GOF, please excuse my late reply, I could not manage to launch this DiagHelp. Here is the DiagHelp report:

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 23:04:48
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden files ...

C:\WINDOWS\system32\kdxnj.exe

scan completed successfully
hidden files: 1

version v1.1.2 - http://www.malekal.com
excute le 06/07/2007 à 23:03:26,67

Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\secdrv.sys -->01/06/2007 23:36:21
C:\WINDOWS\System32/drivers\avipbb.sys -->20/03/2007 09:55:45
C:\WINDOWS\System32/drivers\ssmdrv.sys -->01/03/2007 10:34:36
C:\WINDOWS\System32/drivers\avgntdd.sys -->27/02/2007 15:18:30
C:\WINDOWS\System32/drivers\ntfs.sys -->09/02/2007 13:10:35
C:\WINDOWS\System32/drivers\avgntmgr.sys -->22/11/2006 14:30:31
C:\WINDOWS\System32/drivers\wpdusb.sys -->18/10/2006 20:00:00
C:\WINDOWS\System32\hiijoiwj_navps.dat -->06/07/2007 23:03:26
C:\WINDOWS\System32\hiijoiwj.dat -->06/07/2007 23:03:04
C:\WINDOWS\System32\wpa.dbl -->06/07/2007 21:25:09
C:\WINDOWS\System32\nvapps.xml -->06/07/2007 21:24:30
C:\WINDOWS\System32\hiijoiwj_nav.dat -->06/07/2007 12:32:55
C:\WINDOWS\System32\KMVIDC32.DLL -->04/07/2007 10:32:26
C:\WINDOWS\System32\CONFIG.NT -->30/06/2007 23:31:55
C:\WINDOWS\System32\PerfStringBackup.INI -->30/06/2007 23:27:52
C:\WINDOWS\System32\perfh00C.dat -->30/06/2007 23:27:52
C:\WINDOWS\System32\perfh009.dat -->30/06/2007 23:27:52
C:\WINDOWS\System32\perfc00C.dat -->30/06/2007 23:27:52
C:\WINDOWS\System32\perfc009.dat -->30/06/2007 23:27:52
C:\WINDOWS\System32\FNTCACHE.DAT -->27/06/2007 20:49:10
C:\WINDOWS\System32\hiijoiwj.exe -->26/06/2007 20:34:38
C:\WINDOWS\System32\nvs2.inf -->10/06/2007 15:17:11
C:\WINDOWS\System32\l2host.ini -->08/06/2007 17:37:57
C:\WINDOWS\System32\MRT.exe -->06/06/2007 08:38:41
C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->22/05/2007 08:21:38
C:\WINDOWS\System32\inetcomm.dll -->16/05/2007 17:13:53
C:\WINDOWS\System32\iklog.log -->11/05/2007 18:16:44
C:\WINDOWS\System32\nscompat.tlb -->11/05/2007 13:02:44
C:\WINDOWS\System32\amcompat.tlb -->11/05/2007 13:02:44
C:\WINDOWS\System32\mshtml.dll -->08/05/2007 10:59:01
C:\WINDOWS\System32\lhacm.acm -->03/05/2007 04:32:51
C:\WINDOWS\System32\CmdLineExt03.dll -->01/05/2007 16:36:05
C:\WINDOWS\wiadebug.log -->06/07/2007 21:13:19
C:\WINDOWS\wiaservc.log -->06/07/2007 21:13:15
C:\WINDOWS\bootstat.dat -->06/07/2007 21:12:32
C:\WINDOWS\WindowsUpdate.log -->06/07/2007 08:25:06
C:\WINDOWS\SchedLgU.Txt -->06/07/2007 00:53:02
C:\WINDOWS\NeroDigital.ini -->01/07/2007 17:38:32
C:\WINDOWS\Sti_Trace.log -->01/07/2007 08:44:47
C:\WINDOWS\win.ini -->29/06/2007 13:52:31
C:\WINDOWS\system.ini -->29/06/2007 13:52:31
C:\WINDOWS\NCLogConfig.ini -->28/06/2007 16:52:59
C:\WINDOWS\hpoins11.dat -->27/06/2007 18:25:59
C:\WINDOWS\pack.epk -->19/06/2007 09:17:11
C:\WINDOWS\yesmessenger.ini -->19/06/2007 09:07:10
C:\WINDOWS\CMMIXER.INI -->08/06/2007 21:42:57
C:\WINDOWS\eReg.dat -->01/06/2007 23:16:42

Le volume dans le lecteur C s'appelle carlos
Le numéro de série du volume est 541A-46F7

Répertoire de C:\WINDOWS\system32

04/08/2004 00:54 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 23 649 099 776 octets libres

Contenu de Downloaded Program Files

Le volume dans le lecteur C s'appelle carlos
Le numéro de série du volume est 541A-46F7

Répertoire de C:\WINDOWS\Downloaded Program Files

26/06/2007 20:56 <REP> .
26/06/2007 20:56 <REP> ..
17/11/2006 23:00 73 216 Account.dll
17/11/2006 11:08 216 Account.inf
07/12/2004 16:07 32 bdcore.dll
01/03/2005 14:08 118 784 bdupd.dll
04/04/2007 14:38 65 desktop.ini
13/04/2007 02:14 382 344 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
01/03/2005 14:08 53 248 ipsupd.dll
09/03/2005 15:42 6 742 lang.ini
07/12/2004 16:07 32 libfn.dll
18/02/2005 16:22 126 live.ini
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
28/02/2007 14:21 131 472 msgrchkr.dll
20/06/2006 15:44 379 704 MsnPUpld.dll
19/06/2006 14:40 393 MsnPUpld.inf
01/06/2006 02:57 1 331 oscan8.inf
01/06/2006 02:54 471 040 oscan8.ocx
31/05/2006 04:15 10 oscan81.ocx_x
20/06/2006 15:44 117 560 PURen-us.dll
09/01/2007 08:30 110 592 PURfr-fr.dll
15/10/2004 07:59 110 592 PURfr-xx.dll
09/03/2005 15:43 6 828 scanoptions.tsi
26/03/2007 16:46 5 085 swflash.inf
26/05/2005 04:19 291 wuweb.inf
24 fichier(s) 2 274 563 octets

Total des fichiers listés :
24 fichier(s) 2 274 563 octets
2 Rép(s) 23 649 095 680 octets libres

Recherche de rootkit! (Merci S!Ri)

infection possible Magic.Control : un scan F-Secure BlackLight est recommandé

Recherche d'infections connues

Export des clefs sensibles..
"kdxnj.exe" présent dans la clef HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon - Possible infection Trojan.DNS/Wareout

Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Team17\\Worms2\\frontend.exe"="D:\\Program Files\\Team17\\Worms2\\frontend.exe:*:Enabled:Worms 2 Frontend"
"C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"="C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
"D:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe"="D:\\Program Files\\Teamspeak2_RC2\\TeamSpeak.exe:*:Enabled:Teamspeak RC2"
"D:\\Program Files\\Akuma\\AkumaRO Patch.exe"="D:\\Program Files\\Akuma\\AkumaRO Patch.exe:*:Enabled:AkumaRO"
"D:\\Program Files\\FlashGet\\flashget.exe"="D:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"D:\\Program Files\\Counter Strike\\cstrike.exe"="D:\\Program Files\\Counter Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Mes Téléchargement\\CabalTemp\\ESTdnheadless.exe"="D:\\Mes Téléchargement\\CabalTemp\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"D:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe"="D:\\Program Files\\Games-Masters.com\\CABAL Online (Europe)\\launcher\\update\\ESTdnheadless.exe:*:Enabled:EST! download engine"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Team17\\Worms2\\frontend.exe"="C:\\Team17\\Worms2\\frontend.exe:*:Disabled:Worms 2 Frontend"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler
[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-06 23:04:48
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden files ...

C:\WINDOWS\system32\kdxnj.exe

scan completed successfully
hidden files: 1

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead
4 - System
232 - explorer.exe
416 - alg.exe
580 - avgnt.exe
616 - hpqste08.exe
644 - csrss.exe
676 - winlogon.exe
720 - services.exe
732 - lsass.exe
936 - svchost.exe
988 - svchost.exe
1080 - svchost.exe
1208 - svchost.exe
1500 - avguard.exe
1740 - sched.exe
1768 - GoogleUpdaterSe
1796 - nvsvc32.exe
2100 - hiijoiwj.exe
2128 - mixer.exe
2140 - VM_STI.EXE
2252 - firefox.exe
2264 - ctfmon.exe
2324 - msnmsgr.exe
2772 - hpqtra08.exe
2852 - GoogleUpdater.e
2860 - TrayMin200.exe
3244 - KProcCheck.exe
3564 - hpqimzone.exe
3664 - cmd.exe

Total number of processes = 29

NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F896B000 - \WINDOWS\system32\KDCOM.DLL
F887B000 - \WINDOWS\system32\BOOTVID.dll
F8439000 - pci.sys
F846B000 - isapnp.sys
F847B000 - ohci1394.sys
F896D000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F848B000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F896F000 - viaide.sys
F86EB000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F849B000 - MountMgr.sys
F841A000 - ftdisk.sys
F8971000 - dmload.sys
F83F4000 - dmio.sys
F86F3000 - PartMgr.sys
F84AB000 - VolSnap.sys
F83DC000 - atapi.sys
F84BB000 - disk.sys
F84CB000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F83BC000 - fltMgr.sys
F83AA000 - sr.sys
F84DB000 - PxHelp20.sys
F8393000 - KSecDD.sys
F8306000 - Ntfs.sys
F82D9000 - NDIS.sys
F84EB000 - viaagp.sys
F82BE000 - Mup.sys
F8AD1000 - \SystemRoot\system32\DRIVERS\audstub.sys
F863B000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F8917000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F7B44000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F864B000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F865B000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F8763000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F7B33000 - \SystemRoot\system32\DRIVERS\psched.sys
F866B000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F876B000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F8773000 - \SystemRoot\system32\DRIVERS\raspti.sys
F76F1000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F76DD000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F869B000 - \SystemRoot\system32\DRIVERS\imapi.sys
F86AB000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F86BB000 - \SystemRoot\system32\DRIVERS\redbook.sys
F76BA000 - \SystemRoot\system32\DRIVERS\ks.sys
F877B000 - \SystemRoot\System32\Drivers\incdrm.SYS
F8783000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F7697000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F878B000 - \SystemRoot\system32\DRIVERS\fetnd5.sys
F86CB000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F763A000 - \SystemRoot\system32\drivers\cmaudio.sys
F7616000 - \SystemRoot\system32\drivers\portcls.sys
F86DB000 - \SystemRoot\system32\drivers\drmk.sys
F7545000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F851B000 - \SystemRoot\system32\DRIVERS\termdd.sys
F8793000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F879B000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F898B000 - \SystemRoot\system32\DRIVERS\swenum.sys
F74E9000 - \SystemRoot\system32\DRIVERS\update.sys
F894B000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F852B000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F74D5000 - \SystemRoot\system32\DRIVERS\parport.sys
F74C4000 - \SystemRoot\system32\DRIVERS\serial.sys
F894F000 - \SystemRoot\system32\DRIVERS\serenum.sys
F87A3000 - \SystemRoot\system32\DRIVERS\fdc.sys
F853B000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F854B000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F898D000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7B6B000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F8995000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8BB9000 - \SystemRoot\System32\Drivers\Null.SYS
F8997000 - \SystemRoot\System32\Drivers\Beep.SYS
F87C3000 - \SystemRoot\System32\drivers\vga.sys
F8999000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F899B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F87CB000 - \SystemRoot\System32\Drivers\Msfs.SYS
F87D3000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7B63000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F60A9000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F6051000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F6029000 - \SystemRoot\system32\DRIVERS\netbt.sys
F6007000 - \SystemRoot\System32\drivers\afd.sys
F856B000 - \SystemRoot\system32\DRIVERS\netbios.sys
F87DB000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
F5FDC000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F5F6D000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F857B000 - \SystemRoot\System32\Drivers\Fips.SYS
F5F4C000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F858B000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F859B000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F85AB000 - \SystemRoot\system32\DRIVERS\avipbb.sys
F899F000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
F5E6D000 - \SystemRoot\System32\Drivers\usbVM31b.sys
F85CB000 - \SystemRoot\System32\Drivers\STREAM.SYS
F862B000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F5E55000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F89A5000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7521000 - \SystemRoot\System32\drivers\Dxapi.sys
F87EB000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F8AF2000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
BACF0000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BA27D000 - \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
BA200000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F89D3000 - \SystemRoot\System32\Drivers\ParVdm.SYS
BA271000 - \SystemRoot\system32\DRIVERS\secdrv.sys
BA096000 - \SystemRoot\system32\DRIVERS\srv.sys
B9E51000 - \SystemRoot\system32\drivers\wdmaud.sys
B9F3E000 - \SystemRoot\system32\drivers\sysaudio.sys
B9C52000 - \SystemRoot\System32\Drivers\HTTP.sys
F8B69000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
B6264000 - \SystemRoot\system32\drivers\kmixer.sys

Total number of drivers = 115

Liste des programmes installes
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0 - Français
AiO_Scan_CDA
AiOSoftwareNPI
AkumaRO
AkumaRO
Alice ADSL - Assistant de connexion sans fil
Alice ADSL - Installation principale
Apocalyptica
Apocalyptica
Archiveur WinRAR
Avira AntiVir PersonalEdition Classic
Avira AntiVir PersonalEdition Classic
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
Bloqueur de fenêtres pop-up (Windows Live Toolbar)
BufferChm
C4100
c4100_Help
CABAL Online v3.3
CABAL Online v3.3
CCleaner (remove only)
CCleaner (remove only)
Counter Strike 1.5
Counter Strike 1.5
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
CVitae 2.1.1
CVitae 2.1.1
Destinations
DeviceManagementQFolder
DivX Codec
DivX Codec
DivX Player
DivX Player
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
eSupportQFolder
Extension de Windows Live Toolbar (Windows Live Toolbar)
Fax_CDA
Frontline Attack - War over Europe
Frontline Attack - War over Europe
FullDPAppQFolder
HijackThis 1.99.1
HijackThis 1.99.1
HP Customer Participation Program 7.0
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Document Viewer 7.0
HP Imaging Device Functions 7.0
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InCD EasyWrite Reader
InstantShareDevices
InstantShareDevicesMFC
Java SE Runtime Environment 6 Update 1
Le Maître de l'Olympe - Zeus.
Lecteur Windows Media 11
MarketResearch
Menus intelligents (Windows Live Toolbar)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows XP (KB923789)
Mozilla Firefox (2.0.0.3)
Mozilla Firefox (2.0.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 6.0 Parser (KB927977)
MyDSC2
Nero Media Player
Nero OEM
NeroVision Express 2
NewCopy_CDA
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OCR Software by I.R.I.S 7.0
OpenOffice.org 2.2
Outil de mise à jour Google
Outil de mise à jour Google
Oxygene Online
PanoStandAlone
PCI Audio Driver
Philips SPC 200NC PC Camera
PhotoGallery
ProductContextNPI
RandMap
Readme
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update pour Microsoft .NET Framework 2.0 (KB917283)
SimCity 3000
SimCity 4 Deluxe
SkinsHP1
SlideShow
SolutionCenter
Sonic_PrimoSDK
SpeedSim
Spybot - Search & Destroy 1.4
Status
TeamSpeak 2 RC2
Toolbox
TrayApp
Unload
UserBar Generator 1.2
Ventrilo
WebFldrs XP
WebReg
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Worms2
XML Paper Specification Shared Components Pack 1.0

Le volume dans le lecteur C s'appelle carlos
Le numéro de série du volume est 541A-46F7

Répertoire de C:\Program Files

30/06/2007 23:23 <REP> .
30/06/2007 23:23 <REP> ..
18/06/2007 22:49 <REP> Adobe
24/05/2007 14:25 <REP> Ahead
30/04/2007 09:56 <REP> Alice_Triway_WiFi
04/04/2007 15:00 <REP> Alwil Software
06/07/2007 21:25 <REP> AntiVir PersonalEdition Classic
22/05/2007 14:51 <REP> CCleaner
04/04/2007 14:35 <REP> ComPlus Applications
22/05/2007 16:09 <REP> CVitae
22/05/2007 14:11 <REP> Dial-Messenger
27/04/2007 12:00 <REP> DivX
27/06/2007 17:42 <REP> Fichiers communs
07/05/2007 08:26 <REP> Google
06/06/2007 11:31 <REP> Grammatica 7
27/06/2007 17:31 <REP> Hewlett-Packard
27/06/2007 17:47 <REP> HP
13/06/2007 21:36 <REP> Internet Explorer
22/05/2007 08:21 <REP> Java
19/06/2007 11:16 <REP> Lavasoft
01/06/2007 23:16 <REP> Maxis
04/04/2007 15:34 <REP> Messenger
18/05/2007 09:44 <REP> microsoft frontpage
04/04/2007 14:36 <REP> Movie Maker
31/05/2007 15:24 <REP> Mozilla Firefox
07/05/2007 08:16 <REP> MSBuild
19/06/2007 09:45 <REP> MSN
04/04/2007 14:34 <REP> MSN Gaming Zone
18/06/2007 22:22 <REP> MSN Messenger
28/06/2007 07:45 <REP> MSXML 4.0
04/04/2007 14:37 <REP> NetMeeting
04/04/2007 14:35 <REP> Online Services
17/05/2007 20:09 <REP> OpenOffice.org 2.2
13/06/2007 21:38 <REP> Outlook Express
12/06/2007 19:25 <REP> Oxygene Online
19/05/2007 19:56 <REP> Philips
07/05/2007 08:04 <REP> Reference Assemblies
04/04/2007 14:38 <REP> Services en ligne
01/05/2007 16:04 <REP> Sierra On-Line
26/06/2007 10:20 <REP> SpeedSim
19/06/2007 16:26 <REP> Spybot - Search & Destroy
07/05/2007 02:58 <REP> Valve
18/06/2007 22:15 <REP> Windows Live Toolbar
11/05/2007 13:01 <REP> Windows Media Connect 2
11/05/2007 13:01 <REP> Windows Media Player
04/04/2007 14:34 <REP> Windows NT
02/05/2007 08:03 <REP> WinRAR
04/04/2007 14:41 <REP> xerox
05/06/2007 20:14 <REP> Zylom Games
0 fichier(s) 0 octets
49 Rép(s) 23 648 591 872 octets libres

Le volume dans le lecteur C s'appelle carlos
Le numéro de série du volume est 541A-46F7

Répertoire de C:\Program Files\fichiers communs

27/06/2007 17:42 <REP> .
27/06/2007 17:42 <REP> ..
18/06/2007 22:53 <REP> Adobe
24/05/2007 11:14 <REP> Ahead
27/06/2007 17:28 <REP> Hewlett-Packard
27/06/2007 17:40 <REP> HP
19/05/2007 19:58 <REP> InstallShield
22/05/2007 08:20 <REP> Java
18/05/2007 09:44 <REP> Microsoft Shared
04/04/2007 14:37 <REP> MSSoap
04/04/2007 16:26 <REP> ODBC
04/04/2007 14:37 <REP> Services
27/06/2007 17:42 <REP> Sonic Shared
04/04/2007 16:26 <REP> SpeechEngines
13/06/2007 21:38 <REP> System
19/06/2007 20:21 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
16 Rép(s) 23 648 587 776 octets libres

Le volume dans le lecteur C s'appelle carlos
Le numéro de série du volume est 541A-46F7

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

04/04/2007 14:49 <REP> .
04/04/2007 14:49 <REP> ..
18/05/2001 15:57 561 209 MSONSEXT.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 07/03/2001 07:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 179 octets 2 Rép(s) 23 648 587 776 octets libres Le volume dans le lecteur C s'appelle carlos Le numéro de série du volume est 541A-46F7 Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 23 648 587 776 octets libres c:\Documents and Settings\Administrateur\Application Data\MSNInstaller\msnauins.exe c:\Documents and Settings\Carlos\Bureau\VundoFix.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\diff.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\find2.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\grep.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\streams.exe c:\Documents and Settings\Carlos\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll c:\Documents and Settings\Carlos\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVGP}\xmlparse.dll 
****** Fin du rapport DiagHelp

And here is a new hijackthis.log report:

Logfile of HijackThis v1.99.1
Scan saved at 23:13:33, on 06/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Carlos\LOCALS~1\Temp\Rar$EX00.416\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: suivie par le nom d'hôte correspondant. L'adresse
O1 - Hosts: des commentaires (tels que celui-ci) peuvent être insérés sur des
O1 - Hosts: 91.121.26.142 l2authd.lineage2.com
O1 - Hosts: nProtect.lineage2.com nProtect.lineage2.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hiijoiwj] c:\windows\system32\hiijoiwj.exe hiijoiwj
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175691409178
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67177F8A-F238-4B65-A054-EEF6E4300D99}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{767214CE-9639-43D5-83F0-2D6F3E10B505}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks in advance.
  3. Hello, thank you for your quick reply. I removed FlashGet as you advised me. The steps I carried out on my own were those from the topic at this link: http://forum.zebulon.fr/index.php?showtopic=85543. I downloaded:
- Antivir;
- Spybot Search & Destroy;
- ATF Cleaner.
I tried to download Autoruns from http://www.sysinternals.com/ but I can't find it at that link. I carried out all the steps requested by the forum member "tesgaz", following what he said, except the Autoruns one, but it doesn't work, because there are just as many ad pages popping up constantly. Now the problem is that from time to time the PC freezes and I have to restart it. Then I carried out the steps you asked for: I ran Vundofix.exe; it tells me "Done Searching for file. No infected files were found", and there is no report. I ran DiagHelp.zip but nothing happens after 2 hours (I don't think it should take that long), so I restarted the PC. No report there either. So here is the new HijackThis report! Still the same problems.
Thanks in advance for your help. Regards, and good luck.

Logfile of HijackThis v1.99.1
Scan saved at 12:40:54, on 05/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\windows\system32\hiijoiwj.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\SpeedSim\SpeedSim.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Carlos\LOCALS~1\Temp\Rar$EX00.627\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: suivie par le nom d'hôte correspondant. L'adresse
O1 - Hosts: des commentaires (tels que celui-ci) peuvent être insérés sur des
O1 - Hosts: 91.121.26.142 l2authd.lineage2.com
O1 - Hosts: nProtect.lineage2.com nProtect.lineage2.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175691409178
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67177F8A-F238-4B65-A054-EEF6E4300D99}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{767214CE-9639-43D5-83F0-2D6F3E10B505}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  4. Hello, for some time now I have had ad pages opening regularly with every click on a web page, as well as adult images. I read the forum looking for a case identical to mine and found this solution: http://forum.zebulon.fr/index.php?showtopic=85543 but the problem keeps coming back. I ran a HijackThis scan for you; here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 21:52:09, on 29/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Carlos\LOCALS~1\Temp\Rar$EX00.386\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: suivie par le nom d'hôte correspondant. L'adresse
O1 - Hosts: des commentaires (tels que celui-ci) peuvent être insérés sur des
O1 - Hosts: 91.121.26.142 l2authd.lineage2.com
O1 - Hosts: nProtect.lineage2.com nProtect.lineage2.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hiijoiwj] c:\windows\system32\hiijoiwj.exe hiijoiwj
O4 - HKLM\..\Run: [Flashget] D:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Alice_Triway_WiFi\Wizard\Agent_WiFi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [iNTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175691409178
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{67177F8A-F238-4B65-A054-EEF6E4300D99}: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{767214CE-9639-43D5-83F0-2D6F3E10B505}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition 
Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe d'avance je vous remercie
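Added example, not part of the post above and not code from HijackThis or any of the tools mentioned: a small triage script that reads HijackThis-style lines and flags the entries a helper would normally ask about first. It works on an excerpt of the log above and applies heuristics only; an item it reports is "verify this", not "this is malware". The regexes, the severity labels and the set of expected DNS resolvers (assumed here to be the OpenDNS pair that appears in the second O17 line) are this example's own assumptions.

```python
import re
from collections import Counter

# Sample input: lines excerpted from the HijackThis log posted above,
# one entry per line as HijackThis writes them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [hiijoiwj] c:\windows\system32\hiijoiwj.exe hiijoiwj
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{767214CE-9639-43D5-83F0-2D6F3E10B505}: NameServer = 208.67.220.220 208.67.222.222
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption for the example: the resolvers the owner of this machine intends to use.
# Anything else is reported for verification, not declared malicious.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<key>[^\]]+)\]\s+(?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - (?P<key>.+?): NameServer = (?P<value>.*)$')
O9_O23_RE = re.compile(r'^(?P<sec>O9|O23) - (?P<rest>.*)$')
VOWELS = set("aeiouy")


def split_command(cmd: str):
    """Split a Run-key command line into (image, args), honouring a quoted image path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_o4(hive, key, cmd):
    """Flag autostart images in the Windows directory with auto-generated-looking names."""
    image, args = split_command(cmd)
    base = image.rsplit("\\", 1)[-1]
    stem = base.lower().removesuffix(".exe")
    low = image.lower()
    in_windows_dir = "\\windows\\" in low or "%systemroot%" in low or "%windir%" in low
    findings = []
    if in_windows_dir and stem.isalpha() and args.lower() == stem:
        # Image name repeated as its only argument: a loader pattern worth checking by hand.
        findings.append(("O4", "high", f"{base}: self-referencing command line in the Windows directory, verify"))
    elif in_windows_dir and stem.isalpha() and 5 <= len(stem) <= 10 and not (set(stem) & VOWELS):
        findings.append(("O4", "medium", f"{base}: vowel-less name in the Windows directory, verify"))
    return findings


def check_o17(key, value):
    """Report odd formatting, duplicates and resolvers outside the expected set."""
    tokens = [t for t in re.split(r"[\s,]+", value.strip()) if t]
    findings = []
    if "," in value:
        findings.append(("O17", "low", f"{key}: comma inside NameServer value, check which tool wrote it"))
    dupes = sorted(ip for ip, n in Counter(tokens).items() if n > 1)
    if dupes:
        findings.append(("O17", "low", f"{key}: duplicated resolvers {dupes}"))
    unexpected = sorted(set(tokens) - EXPECTED_RESOLVERS)
    if unexpected:
        findings.append(("O17", "medium", f"{key}: resolvers not in expected set {unexpected}, verify owner"))
    return findings


def check_o9_o23(sec, rest):
    """Stale entries (target missing) and services with no recognised owner."""
    label = rest.split(" - ")[0]
    findings = []
    if "(file missing)" in rest:
        findings.append((sec, "low", f"stale entry, target missing: {label}"))
    if sec == "O23" and "Unknown owner" in rest:
        findings.append((sec, "low", f"service without a recognised owner: {label}"))
    return findings


def analyze(log_text: str):
    """Return a list of (section, severity, message) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            findings += check_o4(m["hive"], m["key"], m["cmd"])
        elif m := O17_RE.match(line):
            findings += check_o17(m["key"], m["value"])
        elif m := O9_O23_RE.match(line):
            findings += check_o9_o23(m["sec"], m["rest"])
    return findings


if __name__ == "__main__":
    for sec, sev, msg in analyze(SAMPLE_LOG):
        print(f"[{sec}] {sev:6} {msg}")
```

On the excerpt it raises the `hiijoiwj.exe` O4 line as the one item to check first, notes the duplicated and unexpected resolvers in the first O17 line, and lists the missing-target O9 and O23 entries as cleanup candidates; the legitimate Avira, ctfmon and NVIDIA lines produce nothing.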