Aller au contenu

stef44

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    69

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par stef44

  1. stef44
    Ca y est j'ai désactivé la restauration du système et quand tu dis relancer le navigateur c'est : fermer toutes les fenêtres Internet et relancer Internet? Sinon pour les résidus de Répertoires, que faire? Par contre, j'ai toujours une fenêtre qui s'affiche de temps en temps en m'indiquant qu'il s'agit d'un Trojan.... Enfin, dans la barre des tâches, j'ai une icône d'alerte de sécurité internet qui me dit que les MAJ Windows n'ont sont pas actives mais quand je vais dans le centre de sécurité c'est coché MAJ automatiques???????
  2. stef44
    Ci-joint le rapport du scan Kapersky : -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Friday, August 15, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, August 15, 2008 08:33:02 Records in database: 1094623 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Files scanned: 88476 Threat name: 3 Infected objects: 6 Suspicious objects: 0 Duration of the scan: 01:27:46 File name / Threat name / Threats count C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139057.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.clp 1 C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139068.exe Infected: not-a-virus:FraudTool.Win32.WinSpywareProtect.bh 1 C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139116.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.clp 1 C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139132.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP674\A0139480.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP674\A0139590.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 The selected area was scanned. Pour info, ANTIVIR a trouvé en parallèle de l'analyse des Trojans que j'ai mis en quarantaine
  3. stef44
    Comme je ne suis pas très doué avec l'éditeur, je t'envoie a suite de mon message. J'ai remarqué en parcourant le C: qu'il restait beaucoup de répertoires de logiciels que j'avais désinstallé comme : 1-BOONTY sous C:/Doc & Settings/All Users..... 2-Lavasoft (Ad-Aware 2007 sous C:/Doc & Settings/All Users..... 3-ma-conig.com sous C:/Doc & Settings/All Users..... 4-Spybot-Search & Destroy sous C:/Doc & Settings/All Users..... 5-Alwil Software sous C:/Program Files Comment faire pour avoir un PC le plus propre possible? D'avance merci
  4. stef44
    Salut, Le scan Kapersky est en cours. Sinon, je t'envoie le rapport de ToolsCleaner : -->- Recherche: C:\SDFIX: trouvé ! C:\Lop SD: trouvé ! C:\_OtMoveIt: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé ! C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Lop S&D: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\SdFix.exe: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\HijackThis.lnk: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\Lop S&D.lnk: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\LopSD.exe: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\OtMoveIt2.exe: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\HJTInstall.exe: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\SmitFraudFix.exe: trouvé ! C:\Documents and Settings\PAUCHET\Bureau\SmitFraudfix: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Lop SD\Lop S&D.lnk: trouvé ! --------------------------------- -->- Suppression: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\SdFix.exe: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\HijackThis.lnk: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\Lop S&D.lnk: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\LopSD.exe: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\OtMoveIt2.exe: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\HJTInstall.exe: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\SmitFraudFix.exe: supprimé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\Lop SD\Lop S&D.lnk: supprimé ! C:\SDFIX: supprimé ! C:\Lop SD: supprimé ! C:\_OtMoveIt: supprimé ! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé ! C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Lop S&D: supprimé ! C:\Documents and Settings\PAUCHET\Bureau\SmitFraudfix: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! Point de restauration crée ! Corbeille vidée! Fichiers temporaires nettoyés !
  5. stef44
    Donc après effectué la manip précédente et redémarré le PC, voicile nouveau rapport HiJack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:37:03, on 14/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\grmhkjyf.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7625 bytes
  6. stef44
    Je viens d'exécuter la procédure et les rapports de OTMoveIt2 et HiJack sont les suivants: PS : aucun redémarrage machine demandé. File/Folder c:\windows\system32\tuvsklcy.dll not found. DllUnregisterServer procedure not found in c:\windows\system32\pvvhss.dll c:\windows\system32\pvvhss.dll NOT unregistered. c:\windows\system32\pvvhss.dll moved successfully. DllUnregisterServer procedure not found in c:\windows\system32\fmlwphwg.dll c:\windows\system32\fmlwphwg.dll NOT unregistered. c:\windows\system32\fmlwphwg.dll moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_195004 ---------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:50:59, on 14/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\grmhkjyf.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\PAUCHET\Bureau\OTMoveIt2.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7EDD07C3-716C-4ED8-92A0-1A8F29C028ED} - C:\WINDOWS\system32\tuvSkLcY.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7848 bytes
  7. stef44
    En effet, y'a pas photo. Sinon voici le rapport HiJack : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:29:55, on 14/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\grmhkjyf.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7EDD07C3-716C-4ED8-92A0-1A8F29C028ED} - C:\WINDOWS\system32\tuvSkLcY.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: {ce3bab1e-b972-a6b9-51c4-d1b22756d8db} - {bd8d6572-2b1d-4c15-9b6a-279be1bab3ec} - C:\WINDOWS\system32\pvvhss.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\fmlwphwg.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O4 - Startup: .security O4 - Global Startup: .security O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 8087 bytes
  8. stef44
    Antivir est installé et le rapport de scan est le suivant : Avira AntiVir Personal Report file date: jeudi 14 août 2008 14:35 Scanning for 1552011 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: PAUCHET Computer name: ACER-BBF60584A3 Version information: BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16 ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 12:07:30 ANTIVIR3.VDF : 7.0.6.14 11776 Bytes 14/08/2008 12:07:30 Engineversion : 8.1.1.19 AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52 AESCRIPT.DLL : 8.1.0.63 311673 Bytes 14/08/2008 12:07:48 AESCN.DLL : 8.1.0.23 119156 Bytes 14/08/2008 12:07:46 AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52 AEPACK.DLL : 8.1.2.1 364917 Bytes 14/08/2008 12:07:44 AEOFFICE.DLL : 8.1.0.21 192891 Bytes 14/08/2008 12:07:42 AEHEUR.DLL : 8.1.0.47 1368437 Bytes 14/08/2008 12:07:38 AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52 AEGEN.DLL : 8.1.0.35 315764 Bytes 14/08/2008 12:07:34 AEEMU.DLL : 8.1.0.7 430452 Bytes 14/08/2008 12:07:32 AECORE.DLL : 8.1.1.8 172406 Bytes 14/08/2008 12:07:32 AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02 AVREP.DLL : 8.0.0.2 98344 Bytes 14/08/2008 12:07:32 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: repair Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 14 août 2008 14:35 Starting search for hidden objects. '41415' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avconfig.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'ALG.EXE' - '1' Module(s) have been scanned Scan process 'CALMAIN.EXE' - '1' Module(s) have been scanned Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned Scan process 'grmhkjyf.exe' - '1' Module(s) have been scanned Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned Scan process 'SFAgent.exe' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned Scan process 'SP_RSSER.EXE' - '1' Module(s) have been scanned Scan process 'SFUS.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned Scan process 'LSASS.EXE' - '1' Module(s) have been scanned Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned Scan process 'SMSS.EXE' - '1' Module(s) have been scanned 38 processes with 38 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '60' files ). Starting the file scan: Begin scan in 'C:\' <ACER> C:\pagefile.sys [WARNING] The file could not be opened! C:\hiberfil.sys [WARNING] The file could not be opened! C:\ARK4.tmp [DETECTION] Is the TR/Vundo.ffs.21 Trojan [NOTE] A backup was created as '48ef2743.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4a94d454.qua' ( QUARANTINE ) C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139058.dll [DETECTION] Is the TR/Inject.34688 Trojan [NOTE] A backup was created as '48d52d9d.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '48d52d9f.qua' ( QUARANTINE ) C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139062.exe [DETECTION] Is the TR/Fakealert.CP Trojan [NOTE] A backup was created as '48d52da0.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '48d52da1.qua' ( QUARANTINE ) C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139067.exe [DETECTION] Is the TR/Trash.Gen Trojan [NOTE] A backup was created as '48d52da5.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4a575f86.qua' ( QUARANTINE ) C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139117.DLL [DETECTION] Is the TR/Monder.fdn Trojan [NOTE] A backup was created as '48d52da7.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '48d52da9.qua' ( QUARANTINE ) C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP673\A0139198.dll [DETECTION] Is the TR/Inject.34688 Trojan [NOTE] A backup was created as '48d52dac.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4a575f8d.qua' ( QUARANTINE ) C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP673\A0139242.dll [DETECTION] Is the TR/Inject.34688 Trojan [NOTE] A backup was created as '48d52dad.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4a565f8e.qua' ( QUARANTINE ) C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP674\A0139444.exe [DETECTION] Is the TR/Dldr.Agent.aaar Trojan [NOTE] A backup was created as '48d52db3.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '48d52db5.qua' ( QUARANTINE ) C:\SDFix\backups\backups.zip [0] Archive type: ZIP --> backups/ddcCRJdB.dll [DETECTION] Is the TR/Inject.34688 Trojan [NOTE] A backup was created as '49072e0f.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '49072e11.qua' ( QUARANTINE ) C:\_OTMoveIt\MovedFiles\08142008_123358\windows\system32\bcbenyji.exe [DETECTION] Is the TR/Downloader.Gen Trojan [NOTE] A backup was created as '49062e15.qua' ( QUARANTINE ) [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4b83af76.qua' ( QUARANTINE ) Begin scan in 'D:\' <ACERDATA> End of the scan: jeudi 14 août 2008 15:06 Used time: 30:20 Minute(s) The scan has been done completely. 5123 Scanning directories 324238 Files were scanned 10 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 20 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 324226 Files not concerned 6926 Archives were scanned 2 Warnings 10 Notes 41415 Objects were scanned with rootkit scan 0 Hidden objects were found
  9. stef44
    Voilà le raort SmitFraudFix. PS : j'essaie d'installer ANTIVIR cet après-midi SmitFraudFix v2.336 Rapport fait à 12:54:25,07, 14/08/2008 Executé à partir de C:\Documents and Settings\PAUCHET\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PAUCHET »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\PAUCHET\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\WINDOWS\\system32\\userinit.exe," "System"="" »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  10. stef44
    Ci-joint les deux rapports (vedFiles et Hijack). PS : je n'ai pas encore changé d'antivirus ac quantu dis déconnecter d'internet, moi je suis en WIFI sur un portable, on fait comment? on arrête le WIFI? c:\windows\system32\mlwfetql.exe moved successfully. c:\windows\system32\bcbenyji.exe moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_123358 ------------------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:36:03, on 14/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mlwfetql.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O4 - Startup: .security O4 - Global Startup: .security O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7293 bytes
  11. stef44
    Voilà la manip effectuée. Ci-joint leseux rapports SDFix et HiJack : SDFix: Version 1.216 Run by PAUCHET on 14/08/2008 at 11:18 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\ddcCRJdB.dll - Deleted C:\WINDOWS\SYSTEM32\SYSAV.EXE - Deleted C:\WINDOWS\SYSTEM32\IENX.EXE - Deleted C:\WINDOWS\SYSTEM32\SDKSZ32.EXE - Deleted C:\WINDOWS\SYSTEM32\MFCGZ.EXE - Deleted C:\WINDOWS\SYSTEM32\MFCIK32.EXE - Deleted C:\WINDOWS\SYSTEM32\SYSNN.EXE - Deleted C:\WINDOWS\SYSTEM32\ATLON.EXE - Deleted C:\WINDOWS\SYSTEM32\MSKE32.EXE - Deleted C:\WINDOWS\SYSTEM32\NTYZ.EXE - Deleted C:\WINDOWS\SYSTEM32\ATLEG.EXE - Deleted C:\WINDOWS\SYSTEM32\JAVAUZ32.EXE - Deleted C:\WINDOWS\SYSTEM32\ADDJT.EXE - Deleted C:\WINDOWS\SYSTEM32\IEQY32.EXE - Deleted C:\WINDOWS\SYSTEM32\NTMB32.EXE - Deleted C:\WINDOWS\SYSTEM32\ATLRD.EXE - Deleted C:\WINDOWS\SYSTEM32\APIEQ.EXE - Deleted C:\WINDOWS\SYSTEM32\SDKXN32.EXE - Deleted C:\WINDOWS\SYSTEM32\APPMI.EXE - Deleted C:\WINDOWS\SYSTEM32\JAVANV32.EXE - Deleted C:\WINDOWS\SYSTEM32\MSZS.EXE - Deleted C:\WINDOWS\SYSTEM32\WINIH.EXE - Deleted C:\WINDOWS\SYSTEM32\MFCMI32.EXE - Deleted C:\WINDOWS\SYSTEM32\IEAC.EXE - Deleted C:\WINDOWS\MFCZN32.EXE - Deleted C:\WINDOWS\MFCAD.EXE - Deleted C:\WINDOWS\JAVATF32.EXE - Deleted C:\WINDOWS\NTVS.EXE - Deleted C:\WINDOWS\MSEY32.EXE - Deleted C:\WINDOWS\NTJA.EXE - Deleted C:\WINDOWS\JAVAAO.EXE - Deleted C:\WINDOWS\IEST32.EXE - Deleted C:\WINDOWS\ADDKE32.EXE - Deleted C:\WINDOWS\APIYU.EXE - Deleted C:\WINDOWS\IPYY.EXE - Deleted C:\WINDOWS\ADDDA.EXE - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt10.tmp - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt12.tmp - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt14.tmp - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt17.tmp - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt19.tmp - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt1B.tmp - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt1E.tmp - Deleted C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\.tt20.tmp - Deleted C:\WINDOWS\antiv.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-14 11:27:24 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\NewTech Infosystems\\NTI CD-Maker\\LiveUpdate.exe"="C:\\Program Files\\NewTech Infosystems\\NTI CD-Maker\\LiveUpdate.exe:*:Disabled:LiveUpdate" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Documents and Settings\\PAUCHET\\Mes documents\\openarena-0.7.0\\openarena.exe"="C:\\Documents and Settings\\PAUCHET\\Mes documents\\openarena-0.7.0\\openarena.exe:*:Enabled:openarena" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\IEPro\\MiniDM.exe"="C:\\Program Files\\IEPro\\MiniDM.exe:*:Enabled:MiniDM" "C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 22 Sep 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll" Wed 22 Sep 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll" Wed 22 Sep 2004 1,024 ...HR --- "C:\WINDOWS\system32\ntiembed.dll" Thu 5 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Fri 9 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1.tmp" Sat 19 Jan 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\PAUCHET\Application Data\U3\temp\Launchpad Removal.exe" Finished! ------------------------------------------------------------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:19, on 14/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mlwfetql.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [infomnt] C:\WINDOWS\system32\mlwfetql.exe O4 - HKCU\..\Run: [utilUi] C:\WINDOWS\system32\bcbenyji.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O4 - Startup: .security O4 - Global Startup: .security O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7400 bytes
  12. stef44
    Ci-joint le raprt HiJack après redémarrage de ma machine. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:51:31, on 14/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mlwfetql.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [infomnt] C:\WINDOWS\system32\mlwfetql.exe O4 - HKCU\..\Run: [utilUi] C:\WINDOWS\system32\bcbenyji.exe O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe O4 - HKLM\..\Policies\Explorer\Run: [2OQvyCuBwE] C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O4 - Startup: .security O4 - Global Startup: .security O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7674 bytes
  13. stef44
    Ne ps pre en considération le précédent rapport MBAM. Je te joins le rapport (avec suppression de la sélection), avant le rédémarrage de ma machine. A tout de suite et désolé pour le micmac. Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1052 Windows 5.1.2600 Service Pack 2 10:44:31 14/08/2008 mbam-log-8-14-2008 (10-44-31).txt Type de recherche: Examen rapide Eléments examinés: 40615 Temps écoulé: 3 minute(s), 51 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 7 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\tuvSkLcY.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\ddcCRJdB.dll (Trojan.Vundo) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78e5afed-299f-4ea0-9de3-6ad01484df0d} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{78e5afed-299f-4ea0-9de3-6ad01484df0d} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccrjdb (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> Delete on reboot. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvsklcy -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvsklcy -> Delete on reboot. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\tuvSkLcY.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\YcLkSvut.ini (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\YcLkSvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcCRJdB.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\ihsbiwxg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\euufkpto.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
  14. stef44
    Salut, Après suppression de la quarantaine de MBAM, l'analyse rapide donne le rapport ci-dessous : Est-ce que je fait "supprimer la sélection"?? avant de relancer le PC? Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1052 Windows 5.1.2600 Service Pack 2 10:29:11 14/08/2008 mbam-log-8-14-2008 (10-29-03).txt Type de recherche: Examen rapide Eléments examinés: 40615 Temps écoulé: 3 minute(s), 51 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 7 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\tuvSkLcY.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\ddcCRJdB.dll (Trojan.Vundo) -> No action taken. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78e5afed-299f-4ea0-9de3-6ad01484df0d} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{78e5afed-299f-4ea0-9de3-6ad01484df0d} (Trojan.Vundo) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccrjdb (Trojan.Vundo) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> No action taken. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvsklcy -> No action taken. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvsklcy -> No action taken. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\tuvSkLcY.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\YcLkSvut.ini (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\YcLkSvut.ini2 (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\ddcCRJdB.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\ihsbiwxg.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\euufkpto.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
  15. stef44
    Bonjour, C'est reparti. Alors comme je le disais hier, impossible de supprimer le fichier/dossier cité précédemment. Cela me donne un message : erreur lors de la suppression du fichier ou dossier (vérifiez que le disque n'est pas plein ou protégé en écriture et que le fichier n'est pas utilisé actuellement). j'ai tenté de le supprimer en fermant toutes les fenêtres Internet Explorer mais rien n'y fait. A bientôt
  16. stef44
    Impossible de supprimer ce fichier malgré la procédure indiquée. On poursuit demain siça ne te dérange pas. Merci A+
  17. stef44
    Donc après réinstalle de Hijack et scan avec Lop S&D, ci-joint les rapports : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:25:09, on 13/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mlwfetql.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [infomnt] C:\WINDOWS\system32\mlwfetql.exe O4 - HKCU\..\Run: [utilUi] C:\WINDOWS\system32\bcbenyji.exe O4 - HKLM\..\Policies\Explorer\Run: [2OQvyCuBwE] C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O4 - Startup: .security O4 - Global Startup: .security O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7535 bytes --------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------------\\ Lop S&D 4.2.2-8 XP/Vista [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : PAUCHET ] [ "C:\Lop SD" ] [ Selection : 1 ] [ 13/08/2008 | 19:27:44 ] [ PC : ACER-BBF60584A3 (Proc:x86)] [ MAJ : 13-08-2008 | 13:18 ] --------------------\\ Listing des dossiers dans APPLIC~1 --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [22/06/2008 20:17][--a------] C:\WINDOWS\tasks\MRT.job [11/08/2008 20:45][--a------] C:\WINDOWS\tasks\Vider le dossier prefetch automatiquement.job [13/08/2008 17:42][--ah-----] C:\WINDOWS\tasks\SA.DAT [05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [08/03/2007|12:00] C:\Program Files\ABBYY FineReader 6.0 Sprint [22/09/2004|10:18] C:\Program Files\Acer Inc [22/09/2004|10:22] C:\Program Files\Adobe [16/12/2005|17:51] C:\Program Files\Alice [15/07/2005|08:23] C:\Program Files\Alwil Software [08/04/2006|12:26] C:\Program Files\Architecte 3D - Silver [09/04/2005|11:56] C:\Program Files\ATI Technologies [09/04/2005|12:04] C:\Program Files\Canon [20/01/2007|09:28] C:\Program Files\CCleaner [22/09/2004|10:07] C:\Program Files\ComPlus Applications [22/09/2004|10:16] C:\Program Files\CONEXANT [22/09/2004|10:19] C:\Program Files\CyberLink [05/06/2008|19:16] C:\Program Files\Defraggler [07/05/2005|18:00] C:\Program Files\directx [10/10/2007|20:52] C:\Program Files\DK [08/03/2007|11:52] C:\Program Files\epson [22/09/2004|10:02] C:\Program Files\Fichiers communs [27/04/2007|17:21] C:\Program Files\Google [21/05/2008|18:51] C:\Program Files\IEPro [22/09/2004|10:13] C:\Program Files\InstallShield Installation Information [22/09/2004|10:14] C:\Program Files\Intel [22/09/2004|10:07] C:\Program Files\Internet Explorer [02/10/2007|20:50] C:\Program Files\Java [25/04/2005|18:54] C:\Program Files\Launch Manager [11/05/2007|21:31] C:\Program Files\Logitech [11/08/2008|10:28] C:\Program Files\ma-config.com [20/10/2007|10:40] C:\Program Files\MaCuisineLapeyre [13/08/2008|17:00] C:\Program Files\Malwarebytes' Anti-Malware [25/12/2006|18:34] C:\Program Files\Matrox Imaging [09/04/2005|12:18] C:\Program Files\Messager Wanadoo [22/09/2004|10:06] C:\Program Files\Messenger [10/05/2007|19:18] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [22/09/2004|10:09] C:\Program Files\microsoft frontpage [22/09/2004|10:07] C:\Program Files\Movie Maker [22/09/2004|10:06] C:\Program Files\MSN [22/09/2004|10:06] C:\Program Files\MSN Gaming Zone [14/10/2007|18:03] C:\Program Files\MSN Messenger [10/12/2006|17:25] C:\Program Files\MSXML 4.0 [22/09/2004|10:07] C:\Program Files\NetMeeting [22/09/2004|10:23] C:\Program Files\NewTech Infosystems [05/03/2007|17:10] C:\Program Files\OpenOffice.org 2.1 [28/05/2008|19:47] C:\Program Files\OpenOffice.org 2.4 [22/09/2004|10:07] C:\Program Files\Outlook Express [11/06/2007|19:25] C:\Program Files\QuickTime [27/07/2007|16:38] C:\Program Files\RegCleaner [22/09/2004|10:07] C:\Program Files\Services en ligne [08/06/2006|20:24] C:\Program Files\Skype [10/12/2006|12:59] C:\Program Files\SPAMfighter [16/12/2007|12:01] C:\Program Files\Spyware Terminator [22/09/2004|10:17] C:\Program Files\Synaptics [17/12/2005|10:09] C:\Program Files\TechCity Solutions [13/08/2008|19:25] C:\Program Files\Trend Micro [22/09/2004|10:15] C:\Program Files\Uninstall Information [09/04/2005|12:17] C:\Program Files\Wanadoo [19/01/2008|13:16] C:\Program Files\Windows Media Connect 2 [22/09/2004|10:06] C:\Program Files\Windows Media Player [22/09/2004|10:06] C:\Program Files\Windows NT [22/09/2004|10:08] C:\Program Files\WindowsUpdate [22/09/2004|10:09] C:\Program Files\xerox [04/05/2005|16:45] C:\Program Files\XviD --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [23/04/2005|07:46] C:\Program Files\Fichiers communs\Adobe [19/12/2007|19:34] C:\Program Files\Fichiers communs\Ankiro [19/12/2007|19:33] C:\Program Files\Fichiers communs\Application [13/03/2008|11:17] C:\Program Files\Fichiers communs\BOONTY Shared [22/01/2008|19:17] C:\Program Files\Fichiers communs\Borland Shared [13/04/2008|15:00] C:\Program Files\Fichiers communs\Canon [22/09/2004|10:13] C:\Program Files\Fichiers communs\InstallShield [02/10/2007|20:50] C:\Program Files\Fichiers communs\Java [11/05/2007|21:32] C:\Program Files\Fichiers communs\Logitech [22/09/2004|10:02] C:\Program Files\Fichiers communs\Microsoft Shared [22/09/2004|10:07] C:\Program Files\Fichiers communs\MSSoap [22/09/2004|10:02] C:\Program Files\Fichiers communs\ODBC [22/09/2004|10:07] C:\Program Files\Fichiers communs\Services [01/05/2008|19:16] C:\Program Files\Fichiers communs\Skype [22/09/2004|10:02] C:\Program Files\Fichiers communs\SpeechEngines [09/04/2005|12:28] C:\Program Files\Fichiers communs\Symantec Shared [22/09/2004|10:07] C:\Program Files\Fichiers communs\System --------------------\\ Process ( 40 Processus ) IEXPLORE.EXE ~ [PID:532] ~ [Threads:30] --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-13 19:31:20 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections C:\WINDOWS\system32\YcLkSvut.ini C:\WINDOWS\system32\YcLkSvut.ini2 ==> VUNDO <== [F:17][D:3]-> C:\DOCUME~1\PAUCHET\LOCALS~1\Temp [F:34][D:0]-> C:\DOCUME~1\PAUCHET\Cookies [F:564][D:4]-> C:\DOCUME~1\PAUCHET\LOCALS~1\TEMPOR~1\content.IE5 [F:2][D:0]-> C:\Recycled --------------------\\ Fin du rapport a 19:33:30,12
  18. stef44
    Bonjour je viens d'effectuer les actions précédentes et je joins les deux rapports (Hijack et mbam) : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:46:07, on 13/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mlwfetql.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [infomnt] C:\WINDOWS\system32\mlwfetql.exe O4 - HKCU\..\Run: [utilUi] C:\WINDOWS\system32\bcbenyji.exe O4 - HKLM\..\Policies\Explorer\Run: [2OQvyCuBwE] C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O4 - Startup: .security O4 - Global Startup: .security O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7609 bytes ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1048 Windows 5.1.2600 Service Pack 2 17:39:29 13/08/2008 mbam-log-8-13-2008 (17-39-29).txt Type de recherche: Examen complet (C:\|D:\|) Eléments examinés: 118457 Temps écoulé: 29 minute(s), 2 second(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 4 Clé(s) du Registre infectée(s): 36 Valeur(s) du Registre infectée(s): 11 Elément(s) de données du Registre infecté(s): 4 Dossier(s) infecté(s): 21 Fichier(s) infecté(s): 81 Processus mémoire infecté(s): C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe (Rogue.XPAntivirus) -> Unloaded process successfully. C:\WINDOWS\system32\lphcv1cj0er1q.exe (Trojan.FakeAlert) -> Unloaded process successfully. Module(s) mémoire infecté(s): C:\WINDOWS\system32\tuvSkLcY.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\efuphpum.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\ddcCRJdB.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\pmaslt.dll (Trojan.Vundo) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f7c3c4c-215c-4e84-afc5-2c4a265b4284} (Trojan.Vundo) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{0f7c3c4c-215c-4e84-afc5-2c4a265b4284} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff8bf2d5-5d6d-4688-b894-fe02138bf987} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ff8bf2d5-5d6d-4688-b894-fe02138bf987} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddccrjdb (Trojan.Vundo) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{60b244be-559d-4269-b96e-cd264d828ec9} (Rogue.PCAntispy) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdssserv (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SoftLand Ltd (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{1dbd3f8d-abc8-4fba-9cdb-0fefa3c5af84} (Trojan.Vundo) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.XPAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcv1cj0er1q (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvsklcy -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvsklcy -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\PC-Antispy (Rogue.PCAntispy) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\SAVED (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\DELETED (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\BASE (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\rhcr1cj0er1q\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\tuvSkLcY.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\YcLkSvut.ini (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\YcLkSvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pmaslt.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\efuphpum.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\muphpufe.ini (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ddcCRJdB.dll (Trojan.Vundo) -> Delete on reboot. C:\WINDOWS\system32\geqoqbns.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fccyxyAp.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\rhcr1cj0er1q.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\rhcr1cj0er1q.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Program Files\rhcr1cj0er1q\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813124010127.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813124056224.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813135219761.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\LOG\20080813164343964.log (Rogue.XPAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\phcv1cj0er1q.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\lphcv1cj0er1q.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pphcv1cj0er1q.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\etc\.security (Rogue.Multiple) -> Quarantined and deleted successfully. C:\.security (Rogue.Multiple) -> Quarantined and deleted successfully. C:\WINDOWS\.security (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\PAUCHET\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. D'avance merci
  19. stef44
    Bonjour, je suis nouveau sur le forum mais je connais le site depuis un bon moment en le parcourant régulièrement et y trouvant de nombreuses infos utiles. Je suis depuis ce matininfecté par le antivirus XP 208 et je ne sais comment me dépétrer de ce truc. CI-joint le rapport HijackThis v2.0.2 : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:03:07, on 13/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\lphcv1cj0er1q.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\mlwfetql.exe C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\PAUCHET\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM" O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [lphcv1cj0er1q] C:\WINDOWS\system32\lphcv1cj0er1q.exe O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\efuphpum.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [infomnt] C:\WINDOWS\system32\mlwfetql.exe O4 - HKCU\..\Run: [s9201] "C:\Documents and Settings\All Users\Application Data\SoftLand Ltd\Antivirus 2008 XP\av2008xp.exe" /autorun O4 - HKLM\..\Policies\Explorer\Run: [2OQvyCuBwE] C:\Documents and Settings\All Users\Application Data\adsxmfon\cxexkpof.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: EPM-DM.exe O4 - Startup: .security O4 - Global Startup: .security O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file) O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe -- End of file - 7974 bytes Vous remerciant par avance. A bientô Stef
×
×
  • Créer...