hoch
Everything posted by hoch

  1. Thanks Apollo, I'll take care of all that as soon as I can. However, regarding the info pop-up telling me that the module c:\windows\system32\hldowkr.dll cannot be found, I no longer get it since I rebooted. I saw that this DLL was eradicated in the Malwarebytes log --> C:\WINDOWS\system32\hldlowkr.dll (Trojan.Agent) -> Delete on reboot. I don't think I need to reinstall IE in that case. I'll keep you posted. ++
  2. Good evening Apollo, So I did everything you told me. Before giving you the logs you asked for, here is the current situation: 1. after rebooting, when Windows starts, I get an info pop-up telling me that the module c:\windows\system32\hldowkr.dll cannot be found --> edit: I just rebooted and I no longer get this message. 2. In Internet Explorer, it is much faster and for now I no longer get ad windows. 3. Before running Malwarebytes, when I went on IE, I got a "Microsoft Visual C++ Runtime Library" window with the message "runtime error pour iexplore.exe", but only on the Orange page. I don't get it any more for now. 4. Last point: when Windows started, I had the Windows security alert in the taskbar about automatic Windows updates being disabled, and I couldn't re-enable it. This time I can. Here follow the SDFix log, the Malwarebytes log and the HijackThis log. I'm waiting for your reply to continue. Thanks in advance, you're all real pros.
SDFix log:

SDFix: Version 1.228
Run by Christian on 24/09/2008 at 18:33

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\opnmjKaa.dll - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP5.tmp - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP6.tmp - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP9.tmp - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP31.tmp - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP37.tmp - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP5.tmp - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP6.tmp - Deleted
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\TMP9.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 18:40:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance à distance"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Sid Meier s Railroads\\RailRoads.exe"="C:\\Sid Meier s Railroads\\RailRoads.exe:*:Enabled:Sid Meier's Railroads!"
"C:\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\THE SETTLERS - Batisseurs dEmpire\\base\\bin\\Settlers6.exe"="C:\\THE SETTLERS - Batisseurs dEmpire\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Bâtisseurs d'Empire"
"C:\\THE SETTLERS - Bâtisseurs d'Empire\\base\\bin\\Settlers6.exe"="C:\\THE SETTLERS - Bâtisseurs d'Empire\\base\\bin\\Settlers6.exe:*:Enabled:THE SETTLERS - Bâtisseurs d'Empire"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Company of heroes OF\\RelicCOH.exe"="C:\\Company of heroes OF\\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\GameSpy Arcade\\Aphex.exe"="C:\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Railroad Tycoon 3\\RT3.exe"="C:\\Railroad Tycoon 3\\RT3.exe:*:Enabled:Railroad Tycoon 3"
"C:\\HiddenStroke2\\Run\\APRM\\aprm_xmas.exe"="C:\\HiddenStroke2\\Run\\APRM\\aprm_xmas.exe:*:Enabled:aprm_exe"
"C:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"="C:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe:*:Enabled:RedOrchestra"
"C:\\TmNationsForever\\TmForever.exe"="C:\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Azureus\\Azureus.exe"="C:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Anno 1701\\Anno1701.exe"="C:\\Anno 1701\\Anno1701.exe:*:Enabled:Anno 1701"
"C:\\Sudden Strike 3\\SS3Game.exe"="C:\\Sudden Strike 3\\SS3Game.exe:*:Enabled:Jouer à Sudden Strike 3"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare "
"C:\\Demo Pro Cycling Manager - Season 2008\\PCMDemo.exe"="C:\\Demo Pro Cycling Manager - Season 2008\\PCMDemo.exe:*:Disabled:pcm"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\XIII Century\\engine.exe"="C:\\XIII Century\\engine.exe:*:Enabled:engine"
"C:\\XIII Century\\editor.exe"="C:\\XIII Century\\editor.exe:*:Enabled:editor"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:enabled:Assistance à distance"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\Conf.exe"="C:\\Program Files\\NetMeeting\\Conf.exe:*:enabled:NetMeeting"
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"="C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe:*:enabled:Nero MediaHome"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 20 Sep 2007     5,903,928 A..H. --- "C:\Picasa2\setup.exe"
Sat 13 Jan 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 24 Sep 2008           120 A..H. --- "C:\Program Files\Common Files\X10\Common\x10prod.sys"
Sun 13 Jan 2008         3,872 ...HR --- "C:\Documents and Settings\Christian\Application Data\SecuROM\UserData\securom_v7_01.bak"
Wed 24 Sep 2008         5,940 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE1.tmp"
Wed 24 Sep 2008         5,686 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistrée\TempRec\TempSBE\SBE2.tmp"
Wed  9 Aug 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Wed  9 Aug 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Wed  9 Aug 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"

Finished!

Malwarebytes log:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1202
Windows 5.1.2600 Service Pack 2

24/09/2008 19:54:56
mbam-log-2008-09-24 (19-54-56).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 153440
Temps écoulé: 51 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 33

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bkuhupkx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifefETj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tpbpge.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e5e3540-c60e-4733-a8d9-777df4e7d53f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e5e3540-c60e-4733-a8d9-777df4e7d53f} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a249aa81-5f10-414b-b99d-45c956da788b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a249aa81-5f10-414b-b99d-45c956da788b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0f8cc65 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc3cbfff9 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifefetj -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifefetj -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\tpbpge.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\iifefETj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jTEfefii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jTEfefii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bkuhupkx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\xkpuhukb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP725\A0061093.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP725\A0061096.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP725\A0061119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP725\A0061120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP725\A0061126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP726\A0061144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP727\A0061258.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP728\A0061340.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP729\A0061383.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP729\A0061400.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A7AE9385-5787-4AEE-A116-EDEB56850218}\RP729\A0061411.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alhaiiqf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weautg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnoPhIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rfmrdq(2).dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjhpgj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yjxktydk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lqruksim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christian\Local Settings\Temporary Internet Files\Content.IE5\OJMS4N12\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christian\Local Settings\Temporary Internet Files\Content.IE5\E8RHUWZG\nd82m0[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Christian\Local Settings\Temporary Internet Files\Content.IE5\YPWIYBCG\cntr[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hldlowkr.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc3cbfff9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMc3cbfff9.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:59:54, on 24/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Christian\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {32AA5D8E-7139-49D2-9BFA-6CD69320B80F} - C:\WINDOWS\system32\rqRKEVmL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2826813766-903991966-494715532-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F869F6BC-3632-41AF-A626-E69F242B7684}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: tpbpge.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel® Viiv (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 8515 bytes
  3. Hello, I have had a problem since yesterday: when I connect via Internet Explorer, I can't access certain URLs (it searches without finding anything, whereas before it loaded normally), or else I get advertising windows popping up. I ran Spybot, which found trojans that I eradicated, and Ad-Aware, but the problem is still the same. I have Avast as antivirus. I ran a full scan but it didn't detect anything, the rascal. Since I see that you are experts, I'm sending you below the HijackThis log; it will help your analysis. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:02, on 23/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Christian\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {111654DC-0C4D-457A-8320-B95ED05B0F80} - C:\WINDOWS\system32\opnmjKaa.dll
O2 - BHO: (no name) - {32AA5D8E-7139-49D2-9BFA-6CD69320B80F} - C:\WINDOWS\system32\rqRKEVmL.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: {c8b5623d-2296-0f69-fc94-1241cfa57f29} - {92f75afc-1421-49cf-96f0-6922d3265b8c} - C:\WINDOWS\system32\weautg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Fichiers communs\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c0f8cc65] rundll32.exe "C:\WINDOWS\system32\dsymmatv.dll",b
O4 - HKLM\..\Run: [bMc3cbfff9] Rundll32.exe "C:\WINDOWS\system32\qhhlhmeg.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-2826813766-903991966-494715532-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F869F6BC-3632-41AF-A626-E69F242B7684}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: weautg.dll
O20 - Winlogon Notify: opnmjKaa - C:\WINDOWS\SYSTEM32\opnmjKaa.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel® Viiv (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9050 bytes