
Posted

Hello everyone,

I'm turning to you today because for several days now my PC has been opening IE pages on its own that point to

- C:\WINDOWS\p1.htm
- C:\WINDOWS\p2.htm
- C:\WINDOWS\p3.htm

These pages are blocked by IE, but it's annoying... about one opens every 30 seconds.

I scanned with AVAST (I know... it doesn't protect me :P) and with Anti-Malware, but nothing helps.

I'm posting the HijackThis report and I'm open to all your good advice... thanks in advance:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:50, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP Wireless Adapter\HPWLAN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Commun\Logiciels\HiJackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: HP3EC661 HP001CC43EC661
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [HPWireless] "C:\Program Files\HP Wireless Adapter\HPWLAN.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O4 - Global Startup: Redémarrer le gestionnaire de connexion.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 10065 bytes

Posted

• Relaunch HijackThis, "do a system scan only", tick only the lines below and click Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w

==> click Fix checked

• Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
or here:
http://sdfix.net/SDFix.exe

Double-click SDFix.exe and choose Install to extract it to c:\SDFix.

Restart your computer in Safe Mode by following this procedure:

Restart in Safe Mode: on restart, immediately tap the F8 key (it may be F5 on some "big-box store" PCs); you will see a screen with a choice of boot options. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.


* Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch the script.
* If the fix closes immediately or does not work, copy and paste the line below into Run and relaunch RunThis.bat:

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Press Y to start the cleaning process.
* It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files (let it run without touching anything!!).
* After the Desktop loads, the tool will finish its work and display Finished.
* Press a key to finish running the script and load your Desktop icons (don't touch anything!! let it do its thing).
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
* Finally, copy/paste the contents of Report.txt in your next reply on the forum, together with a new HijackThis report.
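The two entries selected above (a BHO whose DLL no longer exists, and a Run value labelled "devenv" that actually starts C:\WINDOWS\system\smvss.exe) are the kind of thing a triage pass over a HijackThis log can pick out mechanically. The following Python script is an added example written for this thread; it is not code from the poster, the helper or HijackThis. It parses O2 (BHO) and O4 (Run key) lines and flags orphaned BHOs and executables started from unusual directories. The sample lines are copied from the log posted earlier in the thread; the regular expressions, the `warn`/`info` severities and the function names `triage_line` and `fix_candidates` are assumptions of mine about a sensible triage, not an official rule set of any tool.

```python
import re
from typing import List, Tuple

# Sample input: entries copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [devenv] C:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# O2 = Browser Helper Object, O4 = autostart value under a Run key (assumed layout of these lines).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
# First .exe in the command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)

Finding = Tuple[str, str]  # (severity, reason); severity is "warn" or "info"


def triage_line(line: str) -> List[Finding]:
    """Heuristic findings for one HijackThis line; an empty list means nothing noted."""
    findings: List[Finding] = []
    m = O2_RE.match(line)
    if m:
        if m.group("path") == "(no file)":
            findings.append(("warn", "BHO registered but its DLL is missing (orphaned entry)"))
        if m.group("name") == "(no name)":
            findings.append(("info", "BHO without a friendly name"))
        return findings
    m = O4_RE.match(line)
    if m:
        e = EXE_RE.match(m.group("cmd"))
        if not e:
            findings.append(("info", "Run value does not point at an .exe"))
            return findings
        exe = e.group("exe").lower()
        directory = exe.rsplit("\\", 1)[0] + "\\" if "\\" in exe else ""
        # C:\WINDOWS\system is the old 16-bit directory; current software installs to system32.
        if directory == "c:\\windows\\system\\":
            findings.append(("warn", "executable in the legacy C:\\WINDOWS\\system directory, not system32"))
        if "\\temp\\" in directory:
            findings.append(("warn", "executable runs from a temp directory"))
        if not directory:
            findings.append(("info", "bare file name: resolved through the PATH search order at logon"))
    return findings


def fix_candidates(log_text: str) -> List[str]:
    """Lines with at least one 'warn' finding: the ones to review before ticking them for Fix checked."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if any(sev == "warn" for sev, _ in triage_line(line)):
            out.append(line)
    return out


if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        for sev, reason in triage_line(raw.strip()):
            print(f"[{sev}] {reason}\n    {raw.strip()}")
```

Run as a script it prints every finding; `warn` marks a line worth a closer look before it is fixed, while `info` is context only (a bare name such as VTTimer.exe is legitimate here but does depend on the PATH search order). Against the sample lines, `fix_candidates` returns exactly the two entries the helper chose.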

Posted

Thanks Angélique for taking care of my case.

I did what you said... here is the SDFix report:

 

SDFix: Version 1.240
Run by Administrateur on 02/02/2009 at 19:40

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files:

No Trojan Files Found

Removing Temp Files

ADS Check:

Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-02-02 20:05:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:4a,92,98,a3,c0,c5,69,ff,20,69,4e,b8,20,61,13,b8,a4,b0,fc,33,27,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,49,54,91,60,87,ae,9e,0c,61,e7,1e,31,77,07,96,1d,7f,..
"khjeh"=hex:28,7a,6c,b4,db,f9,cb,7a,2d,c1,61,2a,ae,8c,b5,2a,0d,28,61,b8,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,75,31,09,eb,f9,4c,d6,dc,e8,28,e0,13,70,f1,d8,bd,08,67,75,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:4a,92,98,a3,c0,c5,69,ff,20,69,4e,b8,20,61,13,b8,a4,b0,fc,33,27,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,49,54,91,60,87,ae,9e,0c,61,e7,1e,31,77,07,96,1d,7f,..
"khjeh"=hex:28,7a,6c,b4,db,f9,cb,7a,2d,c1,61,2a,ae,8c,b5,2a,0d,28,61,b8,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,75,31,09,eb,f9,4c,d6,dc,e8,28,e0,13,70,f1,d8,bd,08,67,75,ee,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:4a,92,98,a3,c0,c5,69,ff,20,69,4e,b8,20,61,13,b8,a4,b0,fc,33,27,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,49,54,91,60,87,ae,9e,0c,61,e7,1e,31,77,07,96,1d,7f,..
"khjeh"=hex:28,7a,6c,b4,db,f9,cb,7a,2d,c1,61,2a,ae,8c,b5,2a,0d,28,61,b8,61,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:59,75,31,09,eb,f9,4c,d6,dc,e8,28,e0,13,70,f1,d8,bd,08,67,75,ee,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"\\\\Augustin-laptop\\Lecteur CD\\setup\\hpznet01.exe"="\\\\Augustin-laptop\\Lecteur CD\\setup\\hpznet01.exe:*:Enabled:hpznet01.exe"
"\\\\Augustin-laptop\\Lecteur CD\\setup\\hponicifs01.exe"="\\\\Augustin-laptop\\Lecteur CD\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\66exmdnk44.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\66exmdnk44.exe:*:Disabled:66exmdnk44"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\36exmdnk44.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\36exmdnk44.exe:*:Disabled:36exmdnk44"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\9exmdnk44a.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\9exmdnk44a.exe:*:Disabled:9exmdnk44a"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\78exmdnk44b.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\78exmdnk44b.exe:*:Disabled:78exmdnk44b"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\19exmdnk45a.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\19exmdnk45a.exe:*:Disabled:19exmdnk45a"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\4exmdnk45a.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\4exmdnk45a.exe:*:Disabled:4exmdnk45a"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\38exmdnk45a.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\38exmdnk45a.exe:*:Disabled:38exmdnk45a"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\33exmdnk45a.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\33exmdnk45a.exe:*:Disabled:33exmdnk45a"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\26exmdnk45a.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\26exmdnk45a.exe:*:Disabled:26exmdnk45a"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\14exmdnk45a.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\14exmdnk45a.exe:*:Disabled:14exmdnk45a"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\47exmdnk46.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\47exmdnk46.exe:*:Disabled:47exmdnk46"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\91exmdnk46.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\91exmdnk46.exe:*:Disabled:91exmdnk46"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\95exmdnk46.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\95exmdnk46.exe:*:Disabled:95exmdnk46"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\77exmdnk46.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\77exmdnk46.exe:*:Disabled:77exmdnk46"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\37exmdnk46.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\37exmdnk46.exe:*:Disabled:37exmdnk46"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\63exmdnk46.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\63exmdnk46.exe:*:Disabled:63exmdnk46"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\68exmdnk46.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\68exmdnk46.exe:*:Disabled:68exmdnk46"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\65exmdnk50.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\65exmdnk50.exe:*:Disabled:65exmdnk50"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\49exmdnk50.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\49exmdnk50.exe:*:Disabled:49exmdnk50"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\93exmdnk50.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\93exmdnk50.exe:*:Disabled:93exmdnk50"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\29exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\29exmdnk54.exe:*:Disabled:29exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\87exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\87exmdnk54.exe:*:Disabled:87exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\10exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\10exmdnk54.exe:*:Disabled:10exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\67exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\67exmdnk54.exe:*:Disabled:67exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\42exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\42exmdnk54.exe:*:Disabled:42exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\8exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\8exmdnk54.exe:*:Disabled:8exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\56exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\56exmdnk54.exe:*:Disabled:56exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\92exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\92exmdnk54.exe:*:Disabled:92exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\90exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\90exmdnk54.exe:*:Disabled:90exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\78exmdnk54.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\78exmdnk54.exe:*:Disabled:78exmdnk54"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\0exmdnk56.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\0exmdnk56.exe:*:Disabled:0exmdnk56"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\69exmdnk56.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\69exmdnk56.exe:*:Disabled:69exmdnk56"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\95exmdnk56.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\95exmdnk56.exe:*:Disabled:95exmdnk56"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\16exmdnk56.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\16exmdnk56.exe:*:Disabled:16exmdnk56"
"C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\92exmdnk56.exe"="C:\\Documents and Settings\\delphine\\Local Settings\\Temp\\92exmdnk56.exe:*:Disabled:92exmdnk56"
"C:\\Program Files\\AirPort\\APAgent.exe"="C:\\Program Files\\AirPort\\APAgent.exe:*:Enabled:APAgent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:

Files with Hidden Attributes:

Wed 2 Feb 2005 215 A.SHR --- "C:\BOOT.BAK"
Wed 28 Dec 2005 56 ..SHR --- "C:\WINDOWS\system32\36784046CF.sys"
Sat 26 Jan 2008 6,219,320 A..H. --- "C:\Backup Ghost\Program Files\Picasa2\setup.exe"
Sun 4 Mar 2007 468,787 ..SH. --- "C:\Backup Ghost\WINDOWS\system32\qrqru.bak1"
Mon 12 Mar 2007 616,448 A.SH. --- "C:\Backup Ghost\WINDOWS\Temp\hrbadm0i.TMP"
Sun 6 Apr 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 29 Jan 2009 9,934,392 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Tue 23 Oct 2007 584 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti50.tmp"
Sat 8 Jul 2006 4,348 A.SH. --- "C:\Backup Ghost\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 13 Nov 2006 0 A.SH. --- "C:\Backup Ghost\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\Backup Ghost\WINDOWS\SoftwareDistribution\Download\12bb35ec2265dce083ec92c86f1e1ffc\BIT5.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\Backup Ghost\WINDOWS\SoftwareDistribution\Download\1db9e52f9e862450a2af87f2f5a16dbc\BIT4.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\Backup Ghost\WINDOWS\SoftwareDistribution\Download\2beb5c1d00b4ac7c5cbc5be7194a21c2\BIT2.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Backup Ghost\WINDOWS\SoftwareDistribution\Download\3baf18ad8b1aef3a4fc43c15f7b3a2c9\BIT2.tmp"
Mon 31 Dec 2007 0 A..H. --- "C:\Backup Ghost\WINDOWS\SoftwareDistribution\Download\771350e502329b319ea4189fe126f571\BIT1.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\Backup Ghost\WINDOWS\SoftwareDistribution\Download\925da4180c37428c7fc37822f170a5da\BIT3.tmp"
Sun 30 Sep 2007 0 A..H. --- "C:\Backup Ghost\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT1.tmp"

Finished!

and the HijackThis report:

 

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:16:33, on 02/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HP Wireless Adapter\HPWLAN.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [HPWireless] "C:\Program Files\HP Wireless Adapter\HPWLAN.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O4 - Global Startup: Redémarrer le gestionnaire de connexion.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ANIWZCSdService (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLink Service (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 9948 bytes

 

 

For now, the pages are still opening on their own

Posted

Yeah, and you've got Sality on top of that: http://www.threatexpert.com/files/lshprn.exe.html

You're more seriously infected than it appeared :P

• Relaunch HijackThis, "Do a system scan only", tick only the lines below and click Fix checked:

 

O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE

 

==> click Fix checked

• Download OTMoveIt3 by OldTimer

http://oldtimer.geekstogo.com/OTMoveIt3.exe

* Save it to your desktop

* Double-click OTMoveIt3.exe to launch it (the extension may not be shown)

* Copy and paste everything below into the "Paste Instructions for Items to be Moved" box (under the yellow bar):

 

:processes
explorer.exe

:files
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system\smvss.exe

:commands
[emptytemp]

 

 

* Click the red Moveit! button to start the cleanup and accept the reboot

* Copy and paste the contents of the text file that opens (the report) into your next reply

--> A report will be generated in the C:\_OTMoveIt\MovedFiles folder, named with the date and time the tool ran (mmddyyyy_hhmmss.log)

• Download combofix.exe (by sUBs), rename it to COlaf in the download window and save it to your desktop, nowhere else!!!

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

 

* Double-click combofix.exe, accept the EULA that appears so that it runs, and follow the instructions.

* When the scan is complete, a report will appear; post it for me.

* If the file doesn't appear, it is here > C:\ComboFix.txt

tutorial: http://www.bleepingcomputer.com/combofix/f...iliser-combofix

• Then you'll use Kaspersky's AVPTool

Download the latest version of AVP Tool and save it to your desktop.

Install it by double-clicking Setup_7.0.0.xxx.

 

ftp://ftp.kaspersky.com/devbuilds/AVPTool....2009_06-50.exe

 

If your security suite complains, disable it for a moment to install Kaspersky's disinfection tool.

Restart the PC in Safe Mode:

Restart in Safe Mode: as the machine restarts, tap the F8 key immediately; you'll see a screen with boot options appear. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

Open the yellow Kaspersky folder on the desktop: double-click the red K setup, tick ALL the boxes then click Scan.

At the end, if any objects are found, click Neutralize all. If the DISINFECT option is offered, choose it!!

Click Reports/Save to file --> name the text file "Rapport kav" and paste that report in your next reply together with the ComboFix (COlaF) report

Close the tool; we'll uninstall it later depending on the report. It mustn't stay on the PC, because it changes every day!

=== I won't be reading you until around 6:30 pm, 'cause work ===
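The entries the helper picks out above (an O4 Run value pointing at an unknown binary in system32, plus services listed with no publisher) are exactly the kind of autostart lines a defender wants pulled out of a HijackThis log mechanically rather than by eye. The Python script below is an added example written for this thread, not code from the forum, from the helper, or from the HijackThis project: it parses O4, O20 and O23 lines into records and flags those that match a small indicator list or carry no publisher. The regular expressions and the triage rules are my own reading of the HijackThis 2.0.2 line format (an assumption, not a documented grammar); the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLink Service (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Paths the helper in this thread told the user to remove, used here as a tiny indicator list.
KNOWN_BAD_PATHS = {r"C:\WINDOWS\system32\LSHPRN.EXE", r"C:\WINDOWS\system\smvss.exe"}

# Line formats are my reading of HijackThis 2.0.2 output (assumption, not a published grammar).
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$")
O4_STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
# The vendor field may be empty, which HijackThis prints as "- -"; hence the optional space.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")


@dataclass
class Entry:
    section: str            # "O4", "O20" or "O23"
    name: str               # Run value name, .lnk name, service display name or "AppInit_DLLs"
    target: str             # executable or DLL the entry loads, without arguments
    vendor: Optional[str]   # publisher string for O23 entries, None otherwise
    raw: str                # the original log line, kept for reporting


def executable_of(cmd: str) -> str:
    """Return the program path from a Run-key command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly containing spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [""])[0]


def parse_hijackthis(text: str) -> List[Entry]:
    """Extract autostart entries (O4, O20, O23) from HijackThis log text."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if m := O4_RUN_RE.match(line):
            entries.append(Entry("O4", m["name"], executable_of(m["cmd"]), None, line))
        elif m := O4_STARTUP_RE.match(line):
            entries.append(Entry("O4", m["name"], executable_of(m["cmd"]), None, line))
        elif m := O20_RE.match(line):
            # AppInit_DLLs can list several DLLs separated by spaces or commas.
            for dll in re.split(r"[ ,]+", m["dlls"].strip()):
                if dll:
                    entries.append(Entry("O20", "AppInit_DLLs", dll, None, line))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m["name"], m["path"].strip(), m["vendor"].strip(), line))
    return entries


def _norm(path: str) -> str:
    return path.strip().lower()


def triage(entries: List[Entry], bad_paths=KNOWN_BAD_PATHS) -> List[str]:
    """Return one 'reason: line' string per entry that deserves a human look."""
    bad = {_norm(p) for p in bad_paths}
    findings = []
    for e in entries:
        if _norm(e.target) in bad:
            findings.append(f"known-bad path: {e.raw}")
        elif e.section == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll; always review.
            findings.append(f"AppInit_DLLs entry: {e.raw}")
        elif e.section == "O23" and (not e.vendor or e.vendor.lower() == "unknown owner"):
            findings.append(f"service without publisher: {e.raw}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_hijackthis(SAMPLE_LOG)):
        print(finding)
```

Run as-is it reports four lines: the LSHPRN.EXE Run value the helper had the user fix, the AppInit_DLLs entry, and the two services with no publisher (MysqlInventime and SLService). Replace SAMPLE_LOG with the text of a full log and extend KNOWN_BAD_PATHS with the paths from the cleanup script to reuse it on the next report.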

Posted

OTMoveIt report

 

Error: Unable to interpret <processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
C:\WINDOWS\system32\LSHPRN.EXE moved successfully.
File/Folder C:\WINDOWS\system\smvss.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\delphine\LOCALS~1\Temp\~DF35A6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\delphine\LOCALS~1\Temp\~DF59EA.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_71c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02032009_201122

 

 

ComboFix report

 

ComboFix 09-02-02.04 - delphine 2009-02-03 20:21:46.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.447.123 [GMT 1:00]
Lancé depuis : c:\documents and settings\delphine\Bureau\COlaf.exe
AV: avast! antivirus 4.8.1296 [VPS 090203-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-01-03 au 2009-02-03 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 20:11 . 2009-02-03 20:11 <REP> d-------- C:\_OTMoveIt
2009-02-02 19:38 . 2009-02-02 19:38 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-02 19:37 . 2009-02-02 19:37 <REP> d-------- c:\windows\ERUNT
2009-02-02 19:36 . 2005-02-02 20:18 <REP> d-------- c:\documents and settings\Administrateur\WINDOWS
2009-02-02 19:36 . 2004-08-16 17:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-02-02 19:36 . 2004-08-16 17:55 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-02-02 19:36 . 2004-08-16 17:55 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-02-02 19:36 . 2004-08-16 18:19 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-02-02 19:36 . 2004-08-16 17:55 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-02-02 19:36 . 2005-02-02 20:28 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-02-02 19:36 . 2009-02-02 19:38 <REP> dr------- c:\documents and settings\Administrateur\Bureau
2009-02-02 19:36 . 2005-02-02 20:28 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
2009-02-02 19:36 . 2005-02-02 20:31 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2009-02-02 19:36 . 2009-02-02 19:36 <REP> d-------- c:\documents and settings\Administrateur
2009-02-02 19:32 . 2009-02-02 20:09 <REP> d-------- C:\SDFix
2009-02-01 12:49 . 2009-02-01 12:49 <REP> d-------- c:\windows\system32\fr
2009-02-01 12:49 . 2009-02-01 12:49 <REP> d-------- c:\windows\system32\bits
2009-02-01 12:49 . 2009-02-01 12:50 <REP> d-------- c:\windows\l2schemas
2009-02-01 12:42 . 2009-02-01 12:51 <REP> d-------- c:\windows\ServicePackFiles
2009-02-01 12:31 . 2009-02-01 12:31 <REP> d-------- c:\windows\EHome
2009-01-25 19:43 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 18:30 . 2009-02-03 07:37 4,321 --a------ c:\windows\p3.htm
2009-01-25 18:28 . 2009-02-03 07:35 4,299 --a------ c:\windows\p2.htm
2009-01-25 18:26 . 2009-02-03 07:33 4,321 --a------ c:\windows\p1.htm
2009-01-10 11:08 . 2009-01-10 11:08 <REP> d-------- c:\program files\Free Audio Pack
2009-01-10 11:01 . 2009-01-10 11:01 <REP> d-------- c:\documents and settings\All Users\Application Data\TEMP
2009-01-10 11:01 . 2009-01-10 11:01 398 --a------ c:\windows\AudioConverter.INI
2009-01-10 08:55 . 2009-01-10 10:46 <REP> d-------- C:\AudioConverter
2009-01-10 08:54 . 2009-01-10 08:54 <REP> d-------- c:\program files\easetech
2009-01-10 08:39 . 2009-01-10 08:39 <REP> d-------- c:\program files\iPod
2009-01-10 08:38 . 2009-01-10 08:39 <REP> d-------- c:\program files\iTunes
2009-01-10 08:38 . 2009-01-10 08:39 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-10 08:35 . 2009-01-10 08:36 <REP> d-------- c:\program files\QuickTime
2009-01-05 23:33 . 2009-01-05 23:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr
2009-01-03 09:36 . 2009-01-03 09:36 <REP> d-------- c:\windows\system32\IOSUBSYS

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 14:00 --------- d-----w c:\program files\eMule
2009-01-25 18:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 15:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-10 07:35 --------- d-----w c:\program files\Fichiers communs\Apple
2009-01-03 08:36 --------- d-----w c:\program files\Google
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2005-12-28 18:42 56 --sh--r c:\windows\system32\36784046CF.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 32881]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"HPWireless"="c:\program files\HP Wireless Adapter\HPWLAN.exe" [2006-10-04 618496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"VTTimer"="VTTimer.exe" [2004-03-26 c:\windows\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Nike+ Utility.lnk - c:\program files\Nike+ Utility\Nike+ Utility.exe [2008-04-30 1228800]
Redémarrer le gestionnaire de connexion.lnk - c:\program files\HP Wireless Printer Adapter\ConnectMgr.exe [2008-06-08 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirPort Base Station Agent]
--a------ 2008-05-20 14:17 737280 c:\program files\AirPort\APAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-03-21 09:30 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-12 10:21 1838592 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Inventime\\my.exe"=
"\\\\Augustin-laptop\\Lecteur CD\\setup\\hpznet01.exe"=
"\\\\Augustin-laptop\\Lecteur CD\\setup\\hponicifs01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
"2766:UDP"= 2766:UDP:Windows Media Format SDK (iexplore.exe)
"2767:UDP"= 2767:UDP:Windows Media Format SDK (iexplore.exe)
"2780:UDP"= 2780:UDP:Windows Media Format SDK (iexplore.exe)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-10 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-10 20560]
R2 HPEAPPkt;Realtek EAPPkt Protocol(HP);c:\windows\system32\drivers\HPEAPPkt.sys [2008-06-08 68864]
R3 hpnuhst;HP NUSB Host;c:\windows\system32\drivers\hpnuhst.sys [2008-06-08 10752]
R3 HPNUHUB;HP NUSB Hub;c:\windows\system32\drivers\hpnuhub.sys [2008-06-08 37120]
R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-03-29 14095]
R3 RTLWUSB;Wireless Adapter;c:\windows\system32\drivers\hpl8187.sys [2008-06-08 189440]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2008-06-08 13532]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [2005-10-26 21344]
S3 HPNUCMP;HP NUSB Composite;c:\windows\system32\drivers\hpnucmp.sys [2008-06-08 11648]
.
Contenu du dossier 'Tâches planifiées'

2009-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2005-08-15 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 03:34]

2005-08-15 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 03:34]

2009-02-03 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]

2009-01-29 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 22:21]
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-02-03 20:27:38
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø|ÿÿÿÿ|ù9~*]
"C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2009-02-03 20:32:55 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-03 19:32:51

Avant-CF: 5 262 278 656 octets libres
Après-CF: 5,191,585,792 octets libres

206 --- E O F --- 2009-02-03 05:11:31

 

 

I didn't save the Kaspersky report... it removed a worm that was lurking in a webserver.exe, if I remember correctly

 

In any case, the windows no longer open... on the other hand I have an error at startup that I'll try to deal with tonight.

 

Thanks a lot for your help, Angélique.

 

Augustin

Posted

Posting quickly from work \o_

• Well, if that's all avptool found, that's rather good; so uninstall avptool in Safe Mode.

• * Double-click OTMoveIt3.exe to launch it (the extension may not be shown)

* Copy and paste everything below into the "Paste Instructions for Items to be Moved" box (under the yellow bar): select only from :processes through [emptytemp]

-------------------------

 

:processes

explorer.exe

 

:files

c:\windows\p3.htm

c:\windows\p2.htm

c:\windows\p1.htm

C:\SDFix

 

:commands

[emptytemp]

 

 

 

--------------------------------

 

 

* Click the red Moveit! button to start the cleanup and accept the reboot

* Copy and paste the contents of the text file that opens (the report) into your next reply

--> A report will be generated in the C:\_OTMoveIt\MovedFiles folder, named with the date and time the tool ran (mmddyyyy_hhmmss.log)

 

 

 

 

• Go to this site: http://virusscan.jotti.org/

and have this file analysed: c:\windows\system32\drivers\SjyPkt.sys

 

 

• Remove avast via Add/Remove Programs; a reboot will be requested

» also run their tool after uninstalling: http://www.avast.com/fre/avast-uninstall-utility.html

• Install Antivir via this link, in FR or in US as you prefer:

US: http://dlce.antivir.com/down/windows/antiv...n_winu_en_h.exe

FR: http://dlce.antivir.com/down/windows/antiv...n_winu_fr_h.exe

Antivir tutorial:

http://www.malekal.com/tutorial_antivir.php

watch the video on how the boxes should be ticked:

http://www.malekal.com/fichiers/antivir/Co...tionAntivir.avi

• What is your startup error??? A missing file??? Post a new HijackThis report too
