

All content posted by veropoupoune
Stuck on the Windows startup screen
veropoupoune posted a topic in Analyses et éradication malwares
Hello everyone,

Since yesterday I have been stuck on the Windows startup screen whenever I reboot in normal mode. So I logged on in safe mode to start cleaning my PC, following the instructions of a Zébulon tutorial on Windows cleaning. I cleaned 2 infected files with Malwarebytes, but when I try to restart in normal mode I still run into the same problem: stuck on the Windows startup screen. So I went back into safe mode and ran HijackThis on my drives. The report is below.

Thanks in advance for your support and your suggestions about this problem.

Véronique

PS: one remark, I also tried to change the Startup tab (via msconfig), leaving only the internet startup and my antivirus, but it was impossible (under the administrator profile) to apply the new configuration. I got an error message asking me to switch to the administrator profile (I was already there?)... I don't know whether this additional information can help...
_____________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:33, on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\winrar\WinRAR.exe
C:\DOCUME~1\ADMINI~2\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1154272819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/39.20/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fare83.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108897364750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9128 bytes
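A HijackThis report pasted into a forum post usually arrives flattened onto a few long lines, as above. The Python script below is an added example (my own code, not part of the original post and not a HijackThis feature): it cuts such a blob back into one entry per section code (R0, R3, O2, O4, O16, O23 and so on), then tags the entries a helper looks at first in a log like this one: an O2 BHO whose DLL is gone, an O16 download entry with no source URL, an O4 Run value that is not an absolute path, the O4 [MSConfig] /auto value that msconfig registers while selective startup is active, and O23 services that carry no vendor name. The sample input is a short excerpt of the first report above; the flag wording and the heuristics are my own assumptions, and a flag means "check this", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from typing import List

# Every HijackThis entry begins with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Splitting on that token as a zero-width lookahead
# recovers one entry per element even when the report was pasted as one line.
_ENTRY_START = re.compile(r"(?=\b(?:R\d|F\d|N\d|O\d{1,2}) - )")
_ENTRY = re.compile(r"^(?P<code>R\d|F\d|N\d|O\d{1,2}) - (?P<body>.*)$")
# Value part of an O4 Run entry: everything after "[name] ".
_O4_COMMAND = re.compile(r"^.*?: \[[^\]]*\] (?P<cmd>.*)$")


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)


def split_entries(log_text: str) -> List[Entry]:
    """Cut a HijackThis report (flattened or one entry per line) into entries.

    The header and the "Running processes" list precede the first R/O code and
    are discarded here.
    """
    entries = []
    for piece in _ENTRY_START.split(log_text):
        m = _ENTRY.match(piece.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body").strip()))
    return entries


def flag_entry(e: Entry) -> Entry:
    """Attach review notes to one entry (heuristics assumed here, not HijackThis's own)."""
    b = e.body
    if e.code == "O2" and "(no file)" in b:
        e.flags.append("BHO CLSID registered but its DLL is gone (orphan)")
    if e.code == "R3" and "is missing" in b:
        e.flags.append("default URLSearchHook missing (informational)")
    if e.code == "O16" and not re.search(r"https?://", b):
        e.flags.append("ActiveX download (DPF) entry with no source URL")
    if e.code == "O4":
        if re.search(r"msconfig\.exe /auto", b, re.IGNORECASE):
            e.flags.append("msconfig selective startup is still active")
        m = _O4_COMMAND.match(b)
        # A Run value that is not an absolute (optionally quoted) path is resolved
        # through the PATH at logon, so the binary has to be located by hand.
        if m and not re.match(r'^"?[A-Za-z]:\\', m.group("cmd").strip()):
            e.flags.append("Run value is not an absolute path")
    if e.code == "O23" and "Unknown owner" in b:
        e.flags.append("service binary carries no vendor name; verify manually")
    return e


def analyze(log_text: str) -> List[Entry]:
    return [flag_entry(e) for e in split_entries(log_text)]


def flagged(log_text: str) -> List[Entry]:
    return [e for e in analyze(log_text) if e.flags]


# Constructed sample: an excerpt of the first report above, pasted flat the way
# the forum rendered it (a header fragment is included on purpose).
SAMPLE_LOG = (
    r"Running processes: C:\WINDOWS\System32\smss.exe "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = "
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 "
    r"R3 - Default URLSearchHook is missing "
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) "
    r"O4 - HKLM\..\Run: [POINTER] point32.exe "
    r"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto "
    r"O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - "
    r"O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe "
    r"O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe"
)

if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.code:4} {e.body}\n     -> {'; '.join(e.flags)}")
```

Run on the sample, nine entries come back and six are flagged; the McAfee service with a vendor name and the two Microsoft default URLs pass untouched. The split is keyed on the "code - " token rather than on line breaks precisely so the same code works on a clean log file and on a forum paste.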
Report analysis
veropoupoune replied to a topic by veropoupoune in Analyses et éradication malwares
Hello Gof,

So I followed your recommendations to the letter this weekend. Here are the two reports:
- the MBAM report after removal of the detected malware,
- the new HijackThis report!

Thanks again for your support.

Regards,
Véronique

________________MBAM______________________
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1916
Windows 5.1.2600 Service Pack 3

29/03/2009 17:22:20
mbam-log-2009-03-29 (17-22-20).txt

Type de recherche: Examen complet (C:\|D:\|F:\|G:\|)
Eléments examinés: 183362
Temps écoulé: 57 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 67
Fichier(s) infecté(s): 50

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\egauth.egegauth (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\egauth.egegauth.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mslagent.3 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mslagent.3.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navipromo.egnaviscoring (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navipromo.egnaviscoring.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/system32/eglivecam_1028.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\eglivecam_1028.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\members (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\h (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\h\sid (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\t (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\t\sid (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ti (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ti\tour0 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ti\tour0\co (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ti\tour0\co\fc (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ti\tour0\co\fc\pi (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\members (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\h (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\h\sid (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\t (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\t\sid (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ti (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ti\tour0 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ti\tour0\co (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ti\tour0\co\fc (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ti\tour0\co\fc\pi (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\ExitTraffic (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\img (Adware.EGDAccess) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Instant Access\Center\.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\InstantAccess.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\KooAccess.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\Center\Icons\KooAccess.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\DesktopIcons\KooAccess.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\members\index.htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\h\sid\41f9013125263d2c7a88a5edb5bf901f (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\4632771568\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\t\sid\41f9013125263d2c7a88a5edb5bf901f (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\box1.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\box3.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee1.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee10.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee11.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee12.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee13.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee14.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee15.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee16.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee17.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee18.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee19.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee3.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee4.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee5.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee6.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee7.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee8.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\tawnee9.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\top.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\img\view.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\members\index.htm (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\h\sid\5ff0ddb7cd677c2c48b43cec39519a23 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7645986289\res\34534\pr\rev\ci\ti\tour0\co\fc\jo\join0\pi\front\tt\cf\ln\pt\t\sid\5ff0ddb7cd677c2c48b43cec39519a23 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\Common\hits.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\Common\show_module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\ExitTraffic\exit.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\img\hits_img.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\img\p2e.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\img\p2e_1_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\img\p2e_2_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\img\p2e_go_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Instant Access\P2E\7690309565\img\p2e_logo_2.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Bureau\Instant Access.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\tmlpcert2005 (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eglivecam_1028.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mseggrpid.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.

________________________________HIJACKTHIS_________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:37:02, on 29/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Fichiers communs\AOL\1154272819\ee\AOLSoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\winrar\WinRAR.exe
C:\DOCUME~1\VRONIQ~1\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1154272819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/39.20/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fare83.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108897364750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc.
- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. 
- C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 11362 bytes -
Report analysis
veropoupoune replied to a topic by veropoupoune in Malware analysis and removal
Good evening Gof! Thanks for your reply. I will get to work on implementing your recommendations as soon as possible (unfortunately I think it will be more towards the end of the week) and I will come back to you with a new report. See you very soon, and a little ray of tropical sunshine! Véronique
Hello everyone, For some time now I have been experiencing a significant slowdown of my PC. I started by applying the basic recommendations (disk cleanup, defrag, ...) but the problem persists. So I am wondering whether my PC might be infected, even though my antivirus (McAfee) is up to date. I am therefore posting a HijackThis report and asking for your help in interpreting it. Thank you in advance for your support. Best regards, Véronique

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:36, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Fichiers communs\AOL\1154272819\ee\AOLSoftware.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\winrar\WinRAR.exe
C:\DOCUME~1\VRONIQ~1\LOCALS~1\Temp\Rar$EX00.187\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mana.pf/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\mslagent\4b_1,0,1,2_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [statusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1154272819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EC..._1022_FR_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/39.20/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fare83.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1108897364750
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} -
O16 - DPF: {FC9C7D52-C99A-494A-AA79-4A25098F659C} (GVDLoad Control) - http://www.casinoglamour.com/dload/gvdload.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 12033 bytes
Solved - PC infested with win32:trojan-gen {other}
veropoupoune replied to a topic by veropoupoune in Malware analysis and removal
Thank you very much chrifleur for your sound advice and your support. I will apply the prevention procedures you recommend on this laptop, which was infected, but also on my desktop PC so that it never gets infected. See you, perhaps, on the forum! veropoupoune
Solved - PC infested with win32:trojan-gen {other}
veropoupoune replied to a topic by veropoupoune in Malware analysis and removal
There we go:
- the big cleaner CCleaner has been run,
- Avast has been removed and replaced with AntiVir (following tesgaz's tutorial on configuring AntiVir),
- the scan was done in safe mode and the report is below... at first sight everything looks clean... let me know what you think and whether I should do anything else to be completely sure. See you soon, Veropoupoune

------------------------

Avira AntiVir Personal
Report file date: lundi 6 octobre 2008 23:42

Scanning for 1664755 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Utilisateur
Computer name: POSTE-XP

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 20:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 19:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 13/06/2008 00:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 19:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 01:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 08:54:24
ANTIVIR3.VDF : 7.0.7.2 280576 Bytes 07/10/2008 08:54:33
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 21:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 07/10/2008 08:55:30
AESCN.DLL : 8.1.0.23 119156 Bytes 11/07/2008 00:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 07/10/2008 08:55:23
AEPACK.DLL : 8.1.2.3 364918 Bytes 07/10/2008 08:55:16
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 07/10/2008 08:55:08
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 07/10/2008 08:55:02
AEHELP.DLL : 8.1.0.15 115063 Bytes 11/07/2008 00:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 07/10/2008 08:54:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 20:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 07/10/2008 08:54:42
AEBB.DLL : 8.1.0.1 53617 Bytes 11/07/2008 00:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 20:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 21:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 07/10/2008 08:54:36
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 23:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 20:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 13/06/2008 00:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/01/2008 05:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 13/06/2008 00:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 26/01/2008 00:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 13/06/2008 01:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 28/06/2008 01:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: lundi 6 octobre 2008 23:42

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[iNFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[iNFO] No virus was found!
Boot sector 'D:\'
[iNFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '57' files ).

Starting the file scan:

Begin scan in 'C:\' <XP>
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Data>

End of the scan: mardi 7 octobre 2008 00:11
Used time: 28:18 Minute(s)

The scan has been done completely.

3073 Scanning directories
72210 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
72209 Files not concerned
1006 Archives were scanned
1 Warnings
0 Notes
Solved - PC infested with win32:trojan-gen {other}
veropoupoune replied to a topic by veropoupoune in Malware analysis and removal
Hello again chrifleur! So here are the names and paths of the files found by Avast and quarantined:
A0039277.dll C:\System Volume Information\_restore{213E31C7-D7F1-4190-892C-5BD2DE666626}\RP203
SC2Hook.dll C:\Program Files\SuperCopier2
trz47.tmp C:\WINDOWS\Temp\_avast4_
unp92215309.tmp C:\WINDOWS\Temp\_avast4_
There you go! Otherwise, after reading several forum topics about the same problem, I understand that I should, in principle, replace Avast with AntiVir and then run a scan in safe mode with AntiVir. For now I have done nothing. I await your advice. See you soon! veropoupone
Solved - PC infested with win32:trojan-gen {other}
veropoupoune replied to a topic by veropoupoune in Malware analysis and removal
Hello chrifleur, and thank you for taking care of my case. I will give you that tonight because I don't have the PC with me at work. I am located in French Polynesia, so I will always have about a 12-hour delay in replying to you. Please excuse me for that. Regards, veropoupoune
Solved - PC infested with win32:trojan-gen {other}
veropoupoune posted a topic in Malware analysis and removal
Hello! It seems my PC is infested with the trojan mentioned above. 4 infected files were quarantined by Avast. Could you please explain the procedure to follow to get rid of it? I tried to interpret the HijackThis log using the HijackThis list interpretation tutorial, but I am afraid of messing things up... Thank you in advance for your help. veropoupoune

My HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:25, on 05/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DVD Region-Free\DVDRegionFree.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 62.189.6.78 _sip._tls.sip1.callserve.com
O1 - Hosts: 62.189.6.78 _sip._ssl.sip1.callserve.com
O1 - Hosts: 62.189.6.79 _sip._tls.sip2.callserve.com
O1 - Hosts: 62.189.6.79 _sip._ssl.sip2.callserve.com
O1 - Hosts: 62.189.6.85 _sip._tls.sip5.phoneserve.com
O1 - Hosts: 62.189.6.85 _sip._ssl.sip5.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._tls.sip6.phoneserve.com
O1 - Hosts: 62.189.6.86 _sip._ssl.sip6.phoneserve.com
O1 - Hosts: 62.189.6.84 _sip._tls.abcd.winnerip.com
O1 - Hosts: 62.189.6.84 _sip._ssl.abcd.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._tls.efgh.winnerip.com
O1 - Hosts: 62.189.6.81 _sip._ssl.efgh.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._tls.ijkl.winnerip.com
O1 - Hosts: 62.189.6.83 _sip._ssl.ijkl.winnerip.com
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: DVD Region-Free.lnk = C:\Program Files\DVD Region-Free\DVDRegionFree.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{40BA1D65-2893-436C-823E-6197DD3E694C}: NameServer = 202.3.225.115,202.3.225.125
O17 - HKLM\System\CS1\Services\Tcpip\..\{40BA1D65-2893-436C-823E-6197DD3E694C}: NameServer = 202.3.225.115,202.3.225.125
O17 - HKLM\System\CS2\Services\Tcpip\..\{40BA1D65-2893-436C-823E-6197DD3E694C}: NameServer = 202.3.225.115,202.3.225.125
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

--
End of file - 9732 bytes
