Rapport Hijackthis - Cause re-démarrages intempestifs

VdeLab · le 1 juillet 2008

Bonjour à tous,

depuis qq semaines (une ou deux) je trouve que mon PC redémarre sans raison beaucoup trop souvent. IL y a aussi certaines phase où il est très lents...

J'ai donc suivi la pré-procédure de désinfection avec Antivir (qui a trouvé 6 virus/troyen) et voici le rapport hijackthis à la suite de tout cela.

Merci d'avance pour votre aide et votre temps,

Cordialement

Vdelab

****************

Logfile of HijackThis v1.99.1

Scan saved at 07:40:16, on 01/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Avast4\ashDisp.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Utilitaires_PC\PrintScreen\PrintScreen.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Vista_Menu\VistaStartMenu.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Desktop Sidebar\dsidebar.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Adobe\Acrobat writer\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

C:\Program Files\GigaTribe\gigatribe.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

E:\Utilitaires\cleanup_securite\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://www.avast.com/fre/faq-red-circle.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat writer\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} -

C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program

Files\Utilitaire_securite\Spybot\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -

C:\Program Files\Adobe\Acrobat writer\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb

Wallet\SpbWalletToolbar.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} -

C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat writer\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program

Files\Acronis\TrueImage\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program

Files\Acronis\TrueImage\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers

communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iM Sniffer] "C:\Program Files\IM Sniffer\IMSniffer.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program

Files\Utilitaires_PC\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista_Menu\VistaStartMenu.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search

2\DesktopSearchService.exe" /tray

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

-autorun

O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat

writer\Distillr\acrotray.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80}

- C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar -

{09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/...eb_site.cab?117

5965340296

O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) -

https://clients.cdiscount.com/ediag/activex/CDiscount.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CB08976-916D-4D87-B0D2-18F0D6B83E87}:

NameServer = 192.168.1.1

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program

Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -

C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: senscfg32 - C:\WINDOWS\SYSTEM32\senscfg32.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program

Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program

Files\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program

Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) -

Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program

Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VTingWinIe - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe

(file missing)

************************

thorgal · le 1 juillet 2008

Bonjour,

Tu devrais utiliser la version 2.0.2. Ton pc semble être infecté, mais je ne m'y connais pas trop. Re-propose un log Hijackthis avec la version que je viens de te proposer.

Cordialement...

VdeLab · le 1 juillet 2008

Bonsoir,

suite à la remarque de thorgal, voici un nouveau log Hijackthis, avec la version plus récente...

Merci à tous...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:23:27, on 01/07/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Avast4\ashDisp.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Utilitaires_PC\PrintScreen\PrintScreen.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Vista_Menu\VistaStartMenu.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Desktop Sidebar\dsidebar.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Adobe\Acrobat writer\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\GigaTribe\gigatribe.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

http://www.avast.com/fre/faq-red-circle.html

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat writer\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} -

C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program

Files\Utilitaire_securite\Spybot\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} -

C:\Program Files\Adobe\Acrobat writer\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Spb Wallet - {2913D3DD-9363-4C21-B205-C19A584A0674} - C:\Program Files\Spb

Wallet\SpbWalletToolbar.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} -

C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat writer\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program

Files\Acronis\TrueImage\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program

Files\Acronis\TrueImage\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers

communs\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program

Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iM Sniffer] "C:\Program Files\IM Sniffer\IMSniffer.exe" -start

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program

Files\Utilitaires_PC\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista_Menu\VistaStartMenu.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft

ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search

2\DesktopSearchService.exe" /tray

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"

-autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE

LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE

RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default

user')

O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat

writer\Distillr\acrotray.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program

Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader

8.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80}

- C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar -

{09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/...eb_site.cab?117

5965340296

O16 - DPF: {D5D30A68-E230-49D9-B4D5-BF7532692945} (CDiscountObj Class) -

https://clients.cdiscount.com/ediag/activex/CDiscount.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5CB08976-916D-4D87-B0D2-18F0D6B83E87}:

NameServer = 192.168.1.1

O20 - Winlogon Notify: senscfg32 - C:\WINDOWS\SYSTEM32\senscfg32.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program

Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program

Files\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program

Files\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) -

Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program

Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -

C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: VTingWinIe - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe

(file missing)

--

End of file - 9710 bytes

Falkra · le 1 juillet 2008

Télécharge SmitFraudFix de S!Ri sur le bureau :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Note: si tu as une version de SmitfraudFix, ne l'utilise pas, élimine là et télécharge la dernière version.
Double-clique sur smitfraudfix.exe
Choisis l'option 1 pour créer un rapport des fichiers responsables de l'infection.
Poste le rapport sur le forum dans ta prochaine réponse. (si tu ne le trouves pas, il est dans "C:\rapport.txt")

Si process.exe est détecté par ton antivirus ou un autre logiciel, n'en tiens pas compte (choisis d'ignorer) et ne bloque pas le fichier, il sert à terminer des processus, d'où l'alerte émise par ces antivirus qui y voient un danger potentiel. (doc).

VdeLab · le 2 juillet 2008

Bonsoir,

voici le rapport Smitfraudfix:

je ne connaissais pas cet outils... quel différences avec Hijack?

Abientot,

********************************

SmitFraudFix v2.328

Rapport fait à 19:32:07,31, 02/07/2008

Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Avast4\ashDisp.exe

C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Utilitaires_PC\PrintScreen\PrintScreen.exe

C:\Program Files\Vista_Menu\VistaStartMenu.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Desktop Sidebar\dsidebar.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Adobe\Acrobat writer\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\GigaTribe\gigatribe.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Vincent\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix