alexandre 69
-
Compteur de contenus
32 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par alexandre 69
-
rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:45:27, on 12/11/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\System32\SCardSvr.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\locator.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\rolle\Bureau\iexplore.exe C:\Documents and Settings\rolle\Bureau\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: 6c37c379511 - C:\WINDOWS\System32\dsauth32.dll O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.glenatbd.com/dyn/glenat/upload/...ran/224-800.jpg -- End of file - 7347 bytes
-
Voici le très long rapport combofix.txt généré après l'utilisation du programme combofix.exe: ComboFix 08-12-09.03 - rolle 2008-12-10 20:06:28.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.263 [GMT 1:00] LancÚ depuis: c:\documents and settings\rolle\Bureau\ComboFix.exe * Un nouveau point de restauration a ÚtÚ crÚÚ . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\rolle\Menu Démarrer\Programmes\PlayMP3z c:\windows\Fonts\a.zip c:\windows\system32\dPI02 c:\windows\system32\ffrdnqce.ini c:\windows\system32\fkegeblh.dll c:\windows\system32\fsfmtuae.dll c:\windows\system32\fshdewiw.ini c:\windows\system32\fsujywuk.ini c:\windows\system32\GroupPolicyManifest c:\windows\system32\GroupPolicyManifest\1.music.mp3 c:\windows\system32\GroupPolicyManifest\1.music.mp3.kwd c:\windows\system32\GroupPolicyManifest\2.crack.zip c:\windows\system32\GroupPolicyManifest\2.crack.zip.kwd c:\windows\system32\GroupPolicyManifest\3.video.zip c:\windows\system32\GroupPolicyManifest\3.video.zip.kwd c:\windows\system32\GroupPolicyManifest\4.setup.zip c:\windows\system32\GroupPolicyManifest\4.setup.zip.kwd c:\windows\system32\GroupPolicyManifest\5.unpack.zip c:\windows\system32\GroupPolicyManifest\5.unpack.zip.kwd c:\windows\system32\GroupPolicyManifest\6.limepro.zip c:\windows\system32\GroupPolicyManifest\6.limepro.zip.kwd c:\windows\system32\GroupPolicyManifest\7.keygen.zip c:\windows\system32\GroupPolicyManifest\7.keygen.zip.kwd c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg c:\windows\system32\GroupPolicyManifest\8.mpgvideo.mpg.kwd c:\windows\system32\gszhts.dll c:\windows\system32\I2 c:\windows\system32\ithecsbe.ini c:\windows\system32\L2 c:\windows\system32\mlmowq.dll c:\windows\system32\nfbovldv.dll c:\windows\system32\pnrlnsho.dll c:\windows\system32\qdjnxjcs.dll c:\windows\system32\qkrwxrug.ini c:\windows\system32\qpjdygln.ini c:\windows\system32\qtdegkik.dll c:\windows\system32\rbchckae.ini c:\windows\system32\rzeoko.dll c:\windows\system32\vhdkpv.dll c:\windows\system32\vxkiufog.dll c:\windows\system32\vyubauhw.dll c:\windows\system32\wasugk.dll c:\windows\system32\wnsanb.dll c:\windows\system32\zqbdba.dll c:\windows\Tasks\ovgyfsme.job . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_DNLSVC -------\Legacy_MSDIRECT ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-10 au 2008-12-10 )))))))))))))))))))))))))))))))))))) . 2008-12-10 19:59 . 2008-12-10 20:01 <REP> d-------- C:\32788R22FWJFW.0.tmp 2008-12-08 22:23 . 2008-12-08 22:23 6,144 --a------ c:\windows\GnuHashes.ini 2008-12-08 22:16 . 2008-12-08 22:16 1,718 --ahs---- c:\windows\system32\GroupPolicy000.dat 2008-12-08 22:15 . 2008-12-08 22:15 373,760 --ahs---- c:\windows\system32\36.tmp 2008-12-08 22:15 . 2008-12-08 22:15 135,168 --a------ c:\windows\system32\dsauth32.dll 2008-12-08 21:50 . 2008-12-09 23:55 <REP> d-------- c:\documents and settings\rolle\Application Data\LimeWire 2008-12-08 14:28 . 2008-12-08 14:28 <REP> d-------- c:\program files\LimeWire 2008-12-08 03:17 . 2008-12-08 20:28 2,100 --a------ c:\documents and settings\All Users.BAK 2008-12-08 03:14 . 2008-12-08 03:14 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\NortonInstaller 2008-12-08 03:14 . 2008-12-08 20:54 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Norton 2008-12-07 23:56 . 2008-12-10 19:51 <REP> d-------- c:\program files\Navilog1 2008-12-07 23:49 . 2008-12-07 23:51 <REP> d-------- c:\program files\Yahoo! 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\documents and settings\rolle\Application Data\Malwarebytes 2008-12-07 17:08 . 2008-12-07 17:08 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-12-07 17:08 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-07 17:08 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-03 21:01 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2008-11-30 19:19 . 2008-11-30 19:19 <REP> d-------- c:\program files\Moyea 2008-11-24 19:05 . 2008-11-29 01:58 <REP> d-------- c:\documents and settings\rolle\Application Data\Twain 2008-11-24 14:06 . 2008-11-24 20:16 <REP> d-------- c:\windows\system32\vp2 2008-11-24 14:06 . 2008-11-24 20:14 <REP> d-------- c:\windows\system32\NX 2008-11-24 14:06 . 2008-12-06 00:40 <REP> d-------- C:\Temp 2008-11-23 23:56 . 2008-11-23 23:56 147,456 --a------ c:\windows\system32\vbzip10.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-10 17:56 --------- d-----w c:\program files\bwin 2008-12-08 19:53 --------- d-----w c:\program files\Fichiers communs\Symantec Shared 2008-11-25 21:38 --------- d-----w c:\program files\Java 2008-11-05 20:41 --------- d-----w c:\program files\Everest Poker 2008-11-02 13:55 --------- d-----w c:\documents and settings\rolle\Application Data\Moyea 2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-12 14:41 --------- d--h--w c:\program files\InstallShield Installation Information 2008-10-12 14:41 --------- d-----w c:\program files\Infogrames 2008-09-29 05:00 75 ----a-w c:\windows\Fonts\verdanaz._ttf 2008-09-28 20:52 264 ----a-w c:\windows\Fonts\webdings._ttf 2007-02-20 19:47 41,992 -c--a-w c:\documents and settings\rolle\Application Data\GDIPFONTCACHEV1.DAT 2006-09-11 00:29 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-08-19 290816] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-03-01 200766] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-08 4730880] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-08 159744] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "LogitechCommunicationsManager"="c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520] "LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512] "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "AGRSMMSG"="AGRSMMSG.exe" [2004-09-04 c:\windows\AGRSMMSG.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\6c37c379511] 2008-12-08 22:15 135168 c:\windows\system32\dsauth32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i263_32.drv "msacm.g723"= g723.acm "vidc.I263"= I263_32.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SoftwareDistribution32] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2004-06-16 06:03 221184 c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager] --a------ 2003-08-19 00:01 110592 c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\StubInstaller.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "c:\\Documents and Settings\\rolle\\Bureau\\Age Of Empire II\\empires2.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= "c:\\Documents and Settings\\rolle\\Bureau\\Age Of Empire II\\age2_x1.exe"= "c:\\WINDOWS\\explorer.exe"= R2 LF30FS;LF30FS;\??\c:\program files\Everstrike Software\ XP 3.6\LF30XP.sys [2004-11-19 101488] S2 DComEx;COM+ System Executer;c:\windows\System32\SoftwareDistribution32\mmc.exe [] S2 SoftwareDistribution32;Software Distribution;c:\windows\Rootdistribution32.exe [] S3 Philipscam2;Caméra numérique Philips 646 ; Vidéo;c:\windows\system32\DRIVERS\philcam1.sys [2006-10-19 75776] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{2240318D-8863-42FD-A671-520D33A940D4} - (no file) HKCU-Run-alpha - c:\z_drivers\svchost.exe HKCU-Run-CDriver - c:\z_drivers\svchost.exe HKCU-Run-DDriver - c:\z_drivers\svchost.exe HKCU-Run-beta - c:\z_drivers\svchost.exe HKCU-Run-gamma - c:\z_drivers\svchost.exe HKCU-Run-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe HKCU-Run-ccleaner - c:\documents and settings\rolle\Bureau\CCleaner\ccleaner.exe HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe HKCU-Run-oeqwk - c:\documents and settings\rolle\local settings\application data\oeqwk.exe HKLM-Run-LFAgent - (no file) HKU-Default-Run-CDriver - c:\z_drivers\svchost.exe HKU-Default-Run-DDriver - c:\z_drivers\svchost.exe HKU-Default-Run-alpha - c:\z_drivers\svchost.exe HKU-Default-Run-beta - c:\z_drivers\svchost.exe HKU-Default-Run-gamma - c:\z_drivers\svchost.exe HKU-Default-Run-DriverLoad - (no file) HKU-Default-Run-DriverCheck - (no file) HKU-Default-Run-SystemDriverLoad - (no file) HKU-Default-Run-SystemDriver - (no file) HKU-Default-Run-FDriver - (no file) HKU-Default-Run-ADriver - (no file) ShellExecuteHooks-{ADA12CEB-64E9-494A-B404-D0ECF3065519} - (no file) ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-10 20:09:30 Windows 5.1.2600 Service Pack 2 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????????????????p???? ???B???????????????B? ?????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(740) c:\windows\System32\dsauth32.dll c:\windows\system32\WININET.dll . ------------------------ Autres processus actifs ------------------------ . c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe c:\windows\system32\scardsvr.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\locator.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\windows\system32\wdfmgr.exe c:\windows\system32\vssvc.exe c:\program files\Apoint2K\ApntEx.exe c:\program files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Heure de fin: 2008-12-10 20:11:46 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-10 19:11:43 Avant-CF: 26 554 028 032 octets libres Après-CF: 26,509,434,880 octets libres WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect 220
-
ok, merci. Mais au final est ce que tu peux me resumer ce que j'avais sur ma machine, juste pour comprendre ce qu'on vient de faire. STP Dernier rapport "CLEANNAVI.txt", suivi du rapport "HijackThis": ******************************************************************************** ** CLEANNAVI.txt ******************************************************************************** ** Clean Navipromo version 3.6.9 commencé le 12/08/08 à 2:34:02,29 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "rolle" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\rolle\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" *** ******************************************************************************** *** HijackThis ******************************************************************************** *** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:42:02, on 12/08/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Documents and Settings\rolle\Bureau\iexplore.exe C:\Documents and Settings\rolle\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2240318D-8863-42FD-A671-520D33A940D4} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\rolle\Bureau\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [oeqwk] "c:\documents and settings\rolle\local settings\application data\oeqwk.exe" oeqwk O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\z_Drivers\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [systemDriverLoad] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [systemDriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [beta] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntlsdl.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64m.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: pkwmex.dll O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.glenatbd.com/dyn/glenat/upload/...ran/224-800.jpg -- End of file - 8597 bytes
-
Effectivement, comme tu dis sacrée récolte. Le fait est que j'ai laissé mon ordi longtemps sans anti virus et voila le resultat. Je suis concient d'avoir fait une boulette. Voici le rapport "navilog1": Search Navipromo version 3.6.9 commencé le 12/07/08 à 23:58:19,79 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "rolle" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\rolle\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\rolle\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\rolle\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\rolle\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\rolle\locals~1\applic~1" : * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 12/08/08 à 0:02:15,31 ***
-
VOILA LE "LOG / RAPPORT" DANS SON INTEGRALITE: Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1471 Windows 5.1.2600 Service Pack 2 12/07/08 17:51:45 mbam-log-2008-12-07 (17-51-45).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 94486 Temps écoulé: 39 minute(s), 31 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 4 Clé(s) du Registre infectée(s): 49 Valeur(s) du Registre infectée(s): 25 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 18 Fichier(s) infecté(s): 56 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\atifqvpv.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\awtqpPgf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\igoqbpao.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\pkwmex.dll (Trojan.Vundo.H) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ada12ceb-64e9-494a-b404-d0ecf3065519} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbxopgfd (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ada12ceb-64e9-494a-b404-d0ecf3065519} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d30782-f3fb-4da1-812a-0c2bd594efda} (Trojan.Vundo.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{c8d30782-f3fb-4da1-812a-0c2bd594efda} (Trojan.Vundo.H) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7b266b2-595c-43d9-9a10-4efd87101091} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e7b266b2-595c-43d9-9a10-4efd87101091} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cab59b4-55a3-4737-9fd5-b93c6430bf77} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6cab59b4-55a3-4737-9fd5-b93c6430bf77} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6cab59b4-55a3-4737-9fd5-b93c6430bf77} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj.1 (Adware.WebHancer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1f323594-30e9-4e1e-8262-ca7b4d0a65a1} (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c2ccbfaf-1474-4e53-8130-0cc12b31856b} (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{95012afd-f4f1-4a96-bf3b-4f5d6c54d593} (Adware.EGDAccess) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8d30782-f3fb-4da1-812a-0c2bd594efda} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7b266b2-595c-43d9-9a10-4efd87101091} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpeedRunner (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dnlsvc (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\whiehelperobj.whiehelperobj (Adware.WebHancer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent (Adware.WebHancer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6c37c3d6 (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ddriver (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\alpha (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\beta (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\gamma (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7c-c3-37-79-dw} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DriverCheck (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemDriverLoad (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemDriver (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FDriver (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ADriver (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DriverLoad (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DriverLoad (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\DriverCheck (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SystemDriverLoad (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost1 (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost2 (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost3 (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winhost4 (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\FDriver (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ADriver (Trojan.Clicker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\SystemDriver (Trojan.Clicker) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awtqppgf -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\awtqppgf -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\' (Trojan.Agent) -> Files: 28608 -> Quarantined and deleted successfully. C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\cbXoPgfd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\awtqpPgf.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fgPpqtwa.ini (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\fgPpqtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pkwmex.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\atifqvpv.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\vpvqfita.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fwpkpmkk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kkmpkpwf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\odflwyes.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\seywlfdo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wfeqgkfd.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dfkgqefw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\igoqbpao.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\rolle\Local Settings\Application Data\laetrg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\laetrg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\laetrg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\oeqwk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\oeqwk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\oeqwk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\oeqwk.exe (Adware.Navipromo.H) -> Delete on reboot. C:\Documents and Settings\rolle\Local Settings\Application Data\yyykyya_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\yyykyya_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Application Data\yyykyya.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully. C:\Program Files\Mjcore\Mjcore.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Program Files\Webtools\webtools.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Local Settings\Temp\uufuayaq.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F1A2EBDE-549E-43E9-9CD6-D0FD124C1EFF}\RP233\A0536435.exe (Adware.Webhancer) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F1A2EBDE-549E-43E9-9CD6-D0FD124C1EFF}\RP233\A0536438.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F1A2EBDE-549E-43E9-9CD6-D0FD124C1EFF}\RP233\A0536447.exe (Adware.Webhancer) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ksahmvpy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hdbvufeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\hgwkmg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\persist.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\persist.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully. C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\crock+mock.config (Worm.Zhelatin) -> Quarantined and deleted successfully. C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\Documents and Settings\rolle\Application Data\temp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
-
Merci Falkra! Le remede a ete super efficace. Tout a l'air de tres bien fonctionner, je n'ai plus de pop up qui apparaissent, plus de ralentissements. Je revies. voici le nouveau rapport HijackThis apres desinfection. Ca ne me parle pas plus que ca, mais en touts cas je n'ai plus de probleme: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:59:41, on 12/07/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Documents and Settings\rolle\Bureau\iexplore.exe C:\Documents and Settings\rolle\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2240318D-8863-42FD-A671-520D33A940D4} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\rolle\Bureau\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [oeqwk] "c:\documents and settings\rolle\local settings\application data\oeqwk.exe" oeqwk O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\z_Drivers\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [systemDriverLoad] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [systemDriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [beta] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntlsdl.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64m.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: pkwmex.dll O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.glenatbd.com/dyn/glenat/upload/...ran/224-800.jpg -- End of file - 8475 bytes encore merci...
-
Bonjour, Encore un sujet mainte fois évoqué, mais je sollicite votre aide pour l'interprétation de mon rapport HijackThis. En effet, depuis qq semaines je suis gené par des pop up intempestifs (differents sujets: "votre PC est infecté télécharger tel ou tel logiciel.." "sites sur des smileys"... "sites de rencontres" sites de poker".. etc...). Voici le rapport HijackThis: gfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:31:48, on 12/06/08 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\bwin\bwinPoker.exe C:\Documents and Settings\rolle\Bureau\iexplore.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\rolle\Local Settings\Temporary Internet Files\Content.IE5\3UUZSQD0\HiJackThis[1].exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2240318D-8863-42FD-A671-520D33A940D4} - (no file) O2 - BHO: {a8a0714b-b4ec-f048-dca4-d844f5f4df84} - {48fd4f5f-448d-4acd-840f-ce4bb4170a8a} - C:\WINDOWS\system32\zqbdba.dll O2 - BHO: (no name) - {6CAB59B4-55A3-4737-9FD5-B93C6430BF77} - C:\WINDOWS\system32\igoqbpao.dll O2 - BHO: (no name) - {73979496-E597-4F79-A630-523290FD5113} - C:\WINDOWS\system32\awtqpPgf.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {ADA12CEB-64E9-494A-B404-D0ECF3065519} - C:\WINDOWS\system32\cbXoPgfd.dll (file missing) O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe O4 - HKLM\..\Run: [{7C-C3-37-79-DW}] C:\windows\system32\rswnw64m.exe DWmmm01 O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntlsdl.exe DWmmm01 O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe O4 - HKLM\..\Run: [6c37c3d6] rundll32.exe "C:\WINDOWS\system32\ebscehti.dll",b O4 - HKCU\..\Run: [alpha] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [CDriver] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [DDriver] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [beta] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [gamma] c:\z_Drivers\svchost.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\rolle\Bureau\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\z_Drivers\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\z_Drivers\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\z_Drivers\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\z_Drivers\svchost.exe O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\z_Drivers\svchost.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [systemDriverLoad] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [systemDriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [beta] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\z_Drivers\svchost.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntlsdl.exe O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rswnw64m.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - AppInit_DLLs: zqbdba.dll O20 - Winlogon Notify: cbXoPgfd - cbXoPgfd.dll (file missing) O23 - Service: COM+ System Executer (DComEx) - Unknown owner - C:\WINDOWS\System32\SoftwareDistribution32\mmc.exe (file missing) O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\rolle\LOCALS~1\Temp\dnlsvc.exe (file missing) O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Software Distribution (SoftwareDistribution32) - Unknown owner - C:\WINDOWS\Rootdistribution32.exe (file missing) O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing) O24 - Desktop Component 0: (no name) - http://www.glenatbd.com/dyn/glenat/upload/...ran/224-800.jpg -- End of file - 9706 bytes MERCI POUR VOTRE AIDE