Everything posted by fchantel

  1. OK, the file was removed with Unlocker after restarting the PC. And... magic... it seems to work perfectly. My Norton window reporting the virus did not open when the browser started, and I even got back websites that had been blocked. Many thanks for all these steps; I'll confirm tomorrow that the computer is holding up.
  2. Here is the result for the "virus total" link.
  3. Here is the BitDefender result.
  4. I use Firefox as my browser; can I still run this scan with this link?
  5. Yes, I think at your step 6. The name of the virus detected by Norton is Hacktool.rootkit, directory: c:/ windows/system32/drivers/netsik.sys; this one varies.
  6. Here is the result of the full MBAM scan, and the HijackThis one after rebooting. The problem does not seem to be solved; Norton detected a rootkit virus again. Thanks again for your help.
  7. Here is the new HijackThis scan after restarting.
  8. Merci pour votre aide: voici le rapport de MBAM: j'ai donc supprimé les fichiers infectés Malwarebytes' Anti-Malware 1.36 Version de la base de données: 2090 Windows 5.1.2600 Service Pack 2 08/05/2009 09:47:37 mbam-log-2009-05-08 (09-47-37).txt Type de recherche: Examen rapide Eléments examinés: 93951 Temps écoulé: 10 minute(s), 27 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 22 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 140 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\ib15_1.cbrowserhelper (Spyware.Sters) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ib4.cbrowserhelper (Spyware.Sters) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0a51d436-5c4d-4a56-98d1-fcda488ce240} (Spyware.Sters) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3022c80a-5a86-4161-94c8-4c7c8c4553f2} (Spyware.Sters) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{14a5f3e7-b235-4d98-9264-5c67d2657bc4} (Spyware.Sters) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{590ffb84-6a29-4797-9c0e-b15df2c4cdcb} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e6ce4cd-161b-4847-b8bf-e2ef72299d69} (Spyware.Sters) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amd64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ati64si (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully. 
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Dropper) -> Data: digiwet.dll -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     Dossier(s) infecté(s):
     C:\WINDOWS\system32\drv32dta (Stolen.Data) -> Quarantined and deleted successfully.
     Fichier(s) infecté(s):
     C:\Documents and Settings\Frederic\Local Settings\Temp\pdfupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\wJQs.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temporary Internet Files\Content.IE5\P7ZB51SA\load[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temporary Internet Files\Content.IE5\QL9IZAL0\load[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\drv32dta\klg.tmp (Stolen.Data) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\Temp\wpv441240565622.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN2F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN46.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN47.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN55.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN60.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN61.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN6E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN6F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN72.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN87.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN8E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BN9A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BNA7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BNB2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BNBD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\BNC9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\cina.ini (Malware.Trace) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\digiwet.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Frederic\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\Frederic\Local Settings\Temp\msb.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  9. Hello, for some time now Norton AntiVirus has been detecting a rootkit virus several times a day, and I can't get rid of it. So I ran a first HijackThis report and deleted the infected files, but that changed nothing. Thank you for helping me; here is the latest HijackThis scan:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 08:29:15, on 08/05/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal
     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
     C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\ALCMTR.EXE
     C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
     C:\Program Files\Saitek\Software\Profiler.exe
     C:\Program Files\Saitek\Software\SaiMfd.exe
     C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
     C:\Program Files\Photo Viewer\album.exe
     C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
     C:\Program Files\DAEMON Tools\daemon.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\TomTom HOME 2\HOMERunner.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
     C:\Program Files\Norton AntiVirus\navapsvc.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\snmp.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
     C:\WINDOWS\System32\svchost.exe
     C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
     C:\Program Files\Messenger\msmsgs.exe
     C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Documents and Settings\Frederic\Frederic.exe
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
     O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
     O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
     O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
     O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
     O4 - HKLM\..\Run: [PhotoViewer] C:\Program Files\Photo Viewer\album.exe
     O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
     O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
     O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
     O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
     O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
     O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
     O4 - HKCU\..\Run: [Frederic] C:\Documents and Settings\Frederic\Frederic.exe /i
     O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Startup: ChkDisk.dll
     O4 - Startup: ChkDisk.lnk = ?
     O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: ILTZEQY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\Frederic\LOCALS~1\Temp\ILTZEQY.exe
     O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
     O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
     --
     End of file - 8568 bytes