Aller au contenu

edge78

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    5

  • Inscription

  • Dernière visite

edge78's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. edge78
    Salut, vundofix n'a rien trouvé, alors qu'il a trouvé 2 fichiers la première fois, et voici le log virtumondobegone : [02/26/2008, 13:03:19] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" ) [02/26/2008, 13:03:25] - Detected System Information: [02/26/2008, 13:03:25] - Windows Version: 5.1.2600, Service Pack 2 [02/26/2008, 13:03:25] - Current Username: Propriétaire (Admin) [02/26/2008, 13:03:25] - Windows is in SAFE mode with Networking. [02/26/2008, 13:03:25] - Searching for Browser Helper Objects: [02/26/2008, 13:03:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class) [02/26/2008, 13:03:25] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} () [02/26/2008, 13:03:26] - WARNING: BHO has no default name. Checking for Winlogon reference. [02/26/2008, 13:03:26] - Checking for HKLM\...\Winlogon\Notify\mnyside [02/26/2008, 13:03:26] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing. [02/26/2008, 13:03:26] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) [02/26/2008, 13:03:26] - BHO 4: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper) [02/26/2008, 13:03:26] - Finished Searching Browser Helper Objects [02/26/2008, 13:03:26] - Finishing up... [02/26/2008, 13:03:26] - Nothing found! Exiting...
  2. edge78
    Bonsoir, Voici le log OTMoveIt : DllUnregisterServer procedure not found in C:\WINDOWS\system32\jkkli.dll C:\WINDOWS\system32\jkkli.dll NOT unregistered. File move failed. C:\WINDOWS\system32\jkkli.dll scheduled to be moved on reboot. OTMoveIt2 v1.0.20 log created on 02252008_204902 et le log Combofix (à savoir que combofix a planté 3 fois avant qu'il puisse finir) : ComboFix 08-02-25.3 - Propriétaire 2008-02-26 0:48:51.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.505 [GMT 1:00] Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Trend Micro\HijackThis\backups\backup-20080225-174518-216.dll C:\WINDOWS\system32\ilkkj.ini C:\WINDOWS\system32\ilkkj.ini2 C:\WINDOWS\system32\jkkli.dll C:\WINDOWS\system32\ljjiffd.dll C:\WINDOWS\system32\motbwfxf.ini C:\WINDOWS\system32\nGpxx01 C:\WINDOWS\system32\qfwgbssv.ini C:\WINDOWS\system32\tximcqvi.ini C:\WINDOWS\system32\uodvpqnt.ini C:\WINDOWS\system32\vxidqpdt.ini . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))))))) . 2008-02-25 20:49 . 2008-02-25 20:49 <REP> d-------- C:\_OTMoveIt 2008-02-25 18:42 . 2008-02-25 18:58 <REP> d-------- C:\Program Files\Navilog1 2008-02-25 17:51 . 2008-02-25 18:28 <REP> d-------- C:\VundoFix Backups 2008-02-25 17:27 . 2008-02-25 17:27 <REP> d-------- C:\Program Files\Trend Micro 2008-02-25 02:46 . 2008-02-25 08:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-02-23 19:00 . 2008-02-23 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-02-23 18:59 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-02-23 18:59 . 2008-02-25 08:42 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-02-23 18:56 . 2008-02-25 09:07 <REP> d-------- C:\WINDOWS\Internet Logs 2008-02-21 18:17 . 2008-02-25 02:31 70,867 --a------ C:\WINDOWS\BM838f9fdf.xml 2008-02-21 18:17 . 2008-02-25 02:48 22 --a------ C:\WINDOWS\pskt.ini 2008-02-20 03:31 . 2008-02-20 03:31 <REP> d-------- C:\WINDOWS\system32\yw3 2008-02-20 03:31 . 2008-02-25 07:30 <REP> d-------- C:\WINDOWS\system32\mq9 2008-02-20 03:30 . 2008-02-20 03:31 <REP> d-------- C:\WINDOWS\system32\rp1 2008-02-20 03:30 . 2008-02-26 00:06 <REP> d-------- C:\Temp 2008-02-20 03:30 . 2008-02-20 03:30 191,894 --a------ C:\Temp\sbhKK1910.exe 2008-02-14 17:57 . 2008-02-14 17:57 <REP> d-------- C:\Program Files\Ocean Technologies & Media 2008-02-14 17:57 . 2006-03-14 02:26 53,248 --a------ C:\WINDOWS\system32\ImageOle.dll 2008-02-04 16:41 . 2004-09-21 11:13 9,196,032 --------- C:\WINDOWS\system32\RTLCPL.exe 2008-02-04 16:41 . 2004-09-10 10:12 208,896 --------- C:\WINDOWS\alcupd.exe 2008-02-04 16:41 . 2004-09-07 14:23 156,672 --------- C:\WINDOWS\system32\RtlCPAPI.dll 2008-02-04 16:41 . 2002-02-05 13:54 141,016 --------- C:\WINDOWS\system32\alsndmgr.wav 2008-02-04 16:41 . 2004-09-01 20:04 139,264 --------- C:\WINDOWS\alcrmv.exe 2008-02-04 16:41 . 2004-09-16 20:39 69,632 --------- C:\WINDOWS\soundman.exe 2008-02-04 16:41 . 2004-02-25 18:00 40,448 --------- C:\WINDOWS\system32\ChCfg.exe 2008-02-04 16:31 . 2008-02-04 16:31 <REP> d-------- C:\Program Files\Lavalys 2008-02-03 17:55 . 2003-01-01 16:43 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\WINDOWS 2008-02-03 17:55 . 2003-01-01 14:41 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\Voisinage r‚seau 2008-02-03 17:55 . 2003-01-01 14:41 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\Voisinage d'impression 2008-02-03 17:55 . 2008-02-03 17:55 <REP> d---s---- C:\Documents and Settings\Administrateur.PASCAL.003\UserData 2008-02-03 17:55 . 2008-02-03 17:55 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\ModŠles 2008-02-03 17:55 . 2008-02-03 17:57 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\Mes documents 2008-02-03 17:55 . 2004-12-01 01:14 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\Menu D‚marrer 2008-02-03 17:55 . 2004-12-01 01:14 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\Favoris 2008-02-03 17:55 . 2003-01-01 17:01 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\Bureau 2008-02-03 17:55 . 2004-09-08 18:58 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.003\.scorched3d 2008-02-03 17:55 . 2004-02-07 23:29 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.003\.jpi_cache 2008-02-03 17:55 . 2003-01-01 17:01 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.003\.javaws 2008-02-03 17:55 . 2004-02-07 23:29 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.003\.java 2008-02-03 17:55 . 2004-09-12 19:17 13,195 --a------ C:\Documents and Settings\Administrateur.PASCAL.003\zguicfgw.dat 2008-02-01 18:24 . 2008-02-01 18:24 <REP> d-------- C:\Program Files\Alwil Software 2008-01-26 13:48 . 2004-12-01 01:14 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\Favoris 2008-01-26 13:48 . 2003-01-01 17:01 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\Bureau 2008-01-26 13:48 . 2004-09-08 18:58 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.002\.scorched3d 2008-01-26 13:48 . 2004-02-07 23:29 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.002\.jpi_cache 2008-01-26 13:48 . 2003-01-01 17:01 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\.javaws 2008-01-26 13:48 . 2004-02-07 23:29 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.002\.java 2008-01-26 13:48 . 2004-09-12 19:17 13,195 --a------ C:\Documents and Settings\Administrateur.PASCAL.002\zguicfgw.dat 2008-01-26 13:47 . 2003-01-01 16:43 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\WINDOWS 2008-01-26 13:47 . 2003-01-01 14:41 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\Voisinage r‚seau 2008-01-26 13:47 . 2003-01-01 14:41 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\Voisinage d'impression 2008-01-26 13:47 . 2008-01-26 13:48 <REP> d---s---- C:\Documents and Settings\Administrateur.PASCAL.002\UserData 2008-01-26 13:47 . 2008-01-26 13:48 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\ModŠles 2008-01-26 13:47 . 2008-02-24 21:08 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\Mes documents 2008-01-26 13:47 . 2008-01-26 14:14 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.002\Menu D‚marrer 2008-01-26 12:40 . 2003-01-01 16:43 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\WINDOWS 2008-01-26 12:40 . 2003-01-01 14:41 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\Voisinage r‚seau 2008-01-26 12:40 . 2003-01-01 14:41 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\Voisinage d'impression 2008-01-26 12:40 . 2008-01-26 12:40 <REP> d---s---- C:\Documents and Settings\Administrateur.PASCAL.001\UserData 2008-01-26 12:40 . 2008-01-26 12:40 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\ModŠles 2008-01-26 12:40 . 2008-01-26 12:42 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\Mes documents 2008-01-26 12:40 . 2004-12-01 01:14 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\Menu D‚marrer 2008-01-26 12:40 . 2004-12-01 01:14 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\Favoris 2008-01-26 12:40 . 2003-01-01 17:01 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\Bureau 2008-01-26 12:40 . 2004-09-08 18:58 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.001\.scorched3d 2008-01-26 12:40 . 2004-02-07 23:29 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.001\.jpi_cache 2008-01-26 12:40 . 2003-01-01 17:01 <REP> d-a------ C:\Documents and Settings\Administrateur.PASCAL.001\.javaws 2008-01-26 12:40 . 2004-02-07 23:29 <REP> d-------- C:\Documents and Settings\Administrateur.PASCAL.001\.java 2008-01-26 12:40 . 2004-09-12 19:17 13,195 --a------ C:\Documents and Settings\Administrateur.PASCAL.001\zguicfgw.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-25 22:49 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-02-25 22:41 --------- d-----w C:\Program Files\Opera 2008-02-25 22:40 --------- d-----w C:\Program Files\Logitech 2008-02-25 22:39 --------- d-----w C:\Program Files\KrView 2008-02-23 17:43 --------- d-----w C:\Program Files\Warcraft III 2008-02-19 06:08 98,304 ----a-w C:\WINDOWS\system32CmdLineExt.dll 2008-02-14 16:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-04 15:50 --------- d-----w C:\Program Files\ATI Technologies 2008-02-04 00:14 73,216 ----a-w C:\WINDOWS\ODEUNST.EXE 2008-02-04 00:14 327,680 ------w C:\WINDOWS\Setup1.exe 2008-02-04 00:14 151,622 ------w C:\WINDOWS\modcas.dll 2008-02-04 00:14 101,888 ------w C:\WINDOWS\odestkit.dll 2008-02-04 00:14 1,388,544 ------w C:\WINDOWS\msvbvm60.dll 2008-02-03 18:15 --------- d---a-w C:\Program Files\Fichiers communs\Symantec Shared 2008-02-03 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-03 18:05 --------- d-----w C:\Program Files\Google 2008-02-03 18:03 --------- d---a-w C:\Program Files\Symantec 2008-02-01 18:15 --------- d-----w C:\Program Files\Mixmpegdeaf 2008-01-19 09:25 --------- d-----w C:\Program Files\DivX 2008-01-01 15:39 --------- d-----w C:\Program Files\Razer 2004-09-12 18:17 13,195 ----a-w C:\WINDOWS\system32\config\systemprofile\zguicfgw.dat 2004-09-12 18:17 13,195 ----a-w C:\Documents and Settings\Default User\zguicfgw.dat 2004-09-12 18:17 13,195 ----a-w C:\Documents and Settings\Administrateur\zguicfgw.dat 2004-09-12 18:17 13,195 ----a-w C:\Documents and Settings\Administrateur.PASCAL\zguicfgw.dat 2004-09-12 18:17 13,195 ----a-w C:\Documents and Settings\Administrateur.PASCAL.000\zguicfgw.dat 2003-12-16 10:56 32 --sha-w C:\WINDOWS\{B179A7B2-E2F6-4CAC-B9F1-1C736024C276}.dat 2003-12-16 10:56 32 --sha-w C:\WINDOWS\system32\{A0985304-19B4-4854-BAA5-D11A1AE46CCE}.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352] "Steam"="" [] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 29696 C:\WINDOWS\KHALMNPR.Exe] "Dimondback"="C:\Program Files\Razer\Diamondback\razerhid.exe" [2007-01-18 09:48 147456] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056] "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-18 15:36 28672] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Configuration Utility.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Configuration Utility.lnk backup=C:\WINDOWS\pss\Configuration Utility.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor] --a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange] --a------ 2006-05-03 17:45 26112 C:\WINDOWS\system32\Ati2mdxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] --a------ 2003-07-19 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor] --a------ 2002-10-07 14:23 90112 c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] c:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart] C:\Program Files\eMule\emule.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2003-04-07 14:07 114688 C:\WINDOWS\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] --a------ 1998-05-07 23:04 52736 c:\windows\system\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2007-07-10 09:18 270648 C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] C:\HP\KBD\KBD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2003-05-03 06:19 4640768 C:\WINDOWS\System32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW] --a------ 2003-05-03 06:19 835654 C:\WINDOWS\system32\nview.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2003-05-03 06:19 323584 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2] --a------ 2002-10-16 23:57 81920 C:\WINDOWS\system32\ps2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard] --a------ 2002-09-14 04:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] --a------ 2007-01-29 15:36 25370152 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] --a------ 2001-10-03 10:09 4247552 C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] --a------ 2004-11-10 11:57 218240 C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] --a------ 2008-02-09 16:18 1266936 C:\Program Files\Valve\Steam\\Steam.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard] C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k] --a------ 2003-08-09 11:27 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] --a------ 2005-02-12 22:47 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] --a------ 2003-05-08 07:32 36864 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\mIRC\\mirc.exe"= "C:\\Program Files\\Valve\\Steam\\SteamApps\\lanfeust_de_troy_7@hotmail.com\\counter-strike\\hl.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\WINDOWS\\system32\\dplaysvr.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Valve\\Steam\\Steam.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Ocean Technologies & Media\\GG E-Sports Platform\\GGclient.exe"= R2 PStrip;PSTRIP;C:\WINDOWS\System32\DRIVERS\PSTRIP.SYS [2004-11-09 23:32] R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-04-24 22:43] R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08] S3 MA311;NETGEAR Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\ma311n51.sys [2002-05-01 16:56] S3 optousb;OPTO ELECTRONICS optousb;C:\WINDOWS\system32\DRIVERS\optousb.sys [2006-10-18 18:14] S3 optovcm;OPTO ELECTRONICS optovcm;C:\WINDOWS\system32\DRIVERS\optovcm.sys [2006-10-19 14:46] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\Info.exe folder.htt 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\autoplay.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-02-25 23:57:35 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" Et enfin un petit log hjt: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:12, on 2008-02-26 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Razer\Diamondback\razerhid.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Razer\Diamondback\razertra.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Razer\Diamondback\razerofa.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\hjt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.consoclicker.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158846338968 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- End of file - 6849 bytes Apparement les lignes qui posaient problème ont finalement toutes disparues. Cela signifie t'il que je suis clean? J'attends votre réponse avant de réinstaller antivir et zonealarm. Je compte aussi supprimer tous les outils utilisés, des recommandations particulères? Merci pour votre aide.
  3. edge78
    Tout a été suivi à la lettre ! Search Navipromo version 3.4.7 commencé le 25/02/2008 à 18:43:48,28 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 23.02.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Propriétaire\MENUDM~1\PROGRA~1" *** *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans C:\WINDOWS\system32 * * Recherche dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans C:\WINDOWS\system32 : * Dans "C:\Documents and Settings\Propriétaire\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! 4)Recherche fichiers connus : C:\WINDOWS\system32\ilkkj.ini2 trouvé ! infection Vundo possible non traitée par cet outil ! *** Analyse terminée le 25/02/2008 à 18:55:12,26 *** Et un petit scan hjt pour la route : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:05:17, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Razer\Diamondback\razerhid.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Razer\Diamondback\razertra.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Razer\Diamondback\razerofa.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\hjt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {4D962840-10BE-41C9-A442-D8CAAF4806C0} - C:\WINDOWS\system32\jkkli.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.consoclicker.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158846338968 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- End of file - 7777 bytes Merci
  4. edge78
    Ok, j'ai fait tout comme indiqué. Voici le nouveau log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:30:06, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Razer\Diamondback\razerhid.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Razer\Diamondback\razertra.exe C:\Program Files\Razer\Diamondback\razerofa.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\hjt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {41CE9C66-A0A8-4283-A756-72566F13E43B} - C:\WINDOWS\system32\jkkli.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {A8CA009F-8CBE-4BEC-8511-0997523E3E80} - C:\Program Files\Internet Explorer\gukim89104.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: {7e8bde47-ed80-b0db-c954-77aaf63607ac} - {ca70636f-aa77-459c-bd0b-08de74edb8e7} - C:\WINDOWS\system32\bmfkmlke.dll (file missing) O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\hggdbxx.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.consoclicker.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158846338968 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: hggdbxx - C:\WINDOWS\SYSTEM32\hggdbxx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- End of file - 8203 bytes Merci
  5. edge78
    Bonjour, je suis infecté par le trojan Win32:TratBHO (entre autres), indiqué par avast qui n'arrivait pas à s'en debarrasser. Suite aux conseils de ce forum j'ai desinstallé avast, installé antivir en mode sans echec, lancé un scan (qui m'a quand même trouvé une trentaine de virus/trojans)... mais de retour en mode normal les symptomes finissent par reapparaitre (fausses pubs, ralentissement et parfois plantage) J'ai desinstallé antivir car il m'indique sans cesse le virus que c'etait ingérable ! voici mon log hjt: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:25:58, on 25/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Razer\Diamondback\razerhid.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Razer\Diamondback\razertra.exe C:\Program Files\Razer\Diamondback\razerofa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM') O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?2b4f57d452ed41a485687cdb6bead4af O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://www.consoclicker.com O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158846338968 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe -- End of file - 7105 bytes Merci de votre aide
×
×
  • Créer...